HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Indiana Medicaid Recipients Alerted to Potential Data Breach

Medicaid recipients in Indiana are being notified that some of their protected health information was accessible over the Internet between February and May this year.

The fiscal agent for the Indiana Health Coverage Program (IHCP), DXC Technology, says a hyperlink to an IHCP report containing patient information was accessible online. The report was an internal document used for administrative functions.

The information exposed was limited to names, Medicaid ID numbers, patient numbers, procedure codes, dates of service, payment amounts and names/addresses of health care providers. At no point was it possible for Social Security numbers, addresses or financial information to be accessed.

While protected health information could potentially have been accessed via the Internet, no evidence has been uncovered to suggest the link was clicked or that any information was stolen.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

DXC Technology is contacting all affected individuals by mail to alert them to the potential data breach to allow them to take precautions to protect their identities and to satisfy state and federal regulatory requirements. As an additional precaution, all affected individuals are being offered complimentary credit protection services for 12 months, even though DXC Technology does not believe any information has been, or will be, used inappropriately.

DXC Technology says the issue has now been mitigated and the report is no longer accessible.

Employee of Professional Counseling and Medical Associates Stole Patients PHI

Paris, TN-based Professional Counseling and Medical Associates has discovered a former employee copied information from its electronic health record system on or around May 14, 2017.

The data theft was discovered on May 22 and the incident was reported to law enforcement and state and federal agencies. The counselling service does not believe the individual disseminated the information publicly, but the possibility cannot be ruled out.

The stolen data include names, dates of birth, home addresses and insurance information, with some individuals’ medical notes and counselling records also believed to have been copied.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.