Share this article on:
The Laborers Funds Administrative Office of Northern California has announced it has experienced a HIPAA security incident that has resulted in the protected health information of participants being disclosed to other individuals.
The Laborers Funds Administrative Office of Northern California, which manages Northern California Laborers Trust Funds, conducted a mailing on February 17, 2016 to alert participants that they were not responsible for tax or penalty under the Patient Protection and Affordable Care Act as they had the required minimum level of coverage from the fund.
However, a computer error occurred when mailing IRS 1095-B forms to participants which resulted in some individuals receiving correspondence containing data relating to other fund participants and their dependents. The data detailed on the 1095-B forms included Social Security numbers and health plan coverage information along with the full names of other participants and their dependents.
In accordance with HIPAA and state regulations, all affected individuals have been sent breach notification letters to alert them to the breach of their private and confidential data. All affected individuals have also been offered credit monitoring services without charge and an insurance policy has been taken out to protect all affected individuals against identity theft.
While sensitive data have been disclosed to unauthorized individuals, the Laborers Funds Administrative Office of Northern California has no reason to believe that any data have been used inappropriately or will be used for any unlawful purposes.
To prevent future security incidents from occurring the Laborers Funds Administrative Office of Northern California has implemented new security measures and has strengthened training policies and procedures. Further training has also been provided to customer service staff to ensure they are able to deal with any queries from affected individuals.
The California attorney general’s office has been notified of the privacy breach, as has the United States Department of Health and Human Services’ Office for Civil Rights. A notice was also submitted to the media announcing the privacy breach.