HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

California Dept. of Corrections and Rehabilitation Reports Health Care Facility Privacy Breach

The California Department of Corrections and Rehabilitation has announced that an employee of the Division of Adult Institutions’ California Health Care Facility emailed a document containing patients’ names and Social Security numbers to an individual unauthorized to view the data.

The disclosure of patients’ data occurred on May 2, 2016 and was not believed to have been conducted with malicious intent. The email was simply sent to the wrong person.

To reduce the risk of similar incidents occurring in the future, the California Health Care Facility has revised its policies and procedures. The email has also been deleted from the email system, although it is possible that the data were viewed by at least one unauthorized individual.

All individuals affected by the privacy incident have been advised to place a fraud alert on their credit files and have been told to read the California Attorney General’s consumer tips for victims of privacy breaches and to take the appropriate steps they feel are necessary to mitigate risk.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The incident has not yet appeared on the Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal, so it is unclear exactly how many individuals have been affected by the latest privacy incident.

This is the second data breach to affect patients of the California Department of Corrections and Rehabilitation. In May, a data breach was reported that impacted 400,000 current and former prisoners. An unencrypted, but password-protected laptop computer was left in the vehicle of an employee of California Correctional Health Care Services. The laptop computer was stolen on February 24, 2016.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.