Share this article on:
Kern County Mental Health Department, CA., (KCMH) has reported a breach of protected health information which occurred during the relocation of its administrative department in April, 2016.
The breach involved the exposure of a limited amount of protected health information of patients who had previously received care from KCMH between September 1, and September 30, 2006.
When the administrative department relocated, the former offices were renovated. A single document was left behind in the offices and could potentially have been viewed by construction workers. The document was discovered by a KCMH staff member upon return to the offices. During the time that the report was left unprotected, staff members did not have access to the area.
The report contained patients’ full names, internal record numbers, service codes, and the unit where treatment was provided. While patients could have been identified as having previously received treatment from KCMH and/or its contractors, the mental health services received were only identifiable by their codes.
KCMH confirmed that highly sensitive data such as financial information credit/debit card numbers, insurance information, and driver’s license numbers were not exposed.
KCMH investigated the incident and ascertained that the entire report had been recovered and no data were missing. KCMH does not believe the report was viewed or copied by any unauthorized individuals. The pages were recovered in the correct order and the report appeared to have been undisturbed.
KCMH has updated policies and procedures to ensure that similar breaches of patient privacy do not occur in the future.
Update: June 24, 2016:
The privacy breach has now been uploaded to the Department of Health and Human Services website. The breach report indicates 1,212 individuals have been affected by the breach. Patients have been notified if they were affected and a media notice has been issued in accordance with HIPAA Rules.