HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Louisiana Healthcare Connections Breach Affects 13K Medicaid Recipients

Louisiana Healthcare Connections (LHCC) is notifying approximately 13,000 Medicaid recipients that some of their protected health information has been stolen by a former employee and disclosed to a third party. The data breach affects individuals who have enrolled in LHCC in the Acadiana Region of Louisiana.

LHCC became aware of the data breach on December 3, 2015, after being notified of a potential security breach by the Louisiana Attorney General’s Medicaid Fraud Control Unit. The fraud control unit was conducting an investigation into Medicaid fraud that involved data taken from LHCC.

LHCC was informed that an individual had fraudulently gained access to LHCC’s provider website and had downloaded a list of patients. The individual in question worked at a physician’s office, and had used the login credentials of another person to gain access to patient data and had downloaded a list of approximately 13,000 patients. That list was subsequently provided to another individual who was not authorized to view the data. The patient list was unlawfully downloaded on March 3, 2015.

The list included patient names, phone numbers, addresses, Medicaid ID numbers, Medicaid effective dates, and dates of birth of patients. Some of the patients on the list also had other information exposed, such as the number of times they had visited the emergency room and their current medical condition. No Social Security numbers, financial information, or credit card numbers were exposed.

Please see the HIPAA Journal Privacy Policy

To protect patients from identity theft and fraud, all affected individuals will be offered credit monitoring and identity theft protection services without charge. The Louisiana attorney general’s office believes the data was taken with a view to defrauding Medicaid. An individual was arrested on Wednesday January 27, 2016., and faces charges of conspiracy to defraud Medicaid and stealing healthcare data.

In an effort to reduce the probability of similar data breaches of this nature occurring in the future, Louisiana Healthcare Connections will be reviewing its information security protocols and will take steps to ensure that patient data is better protected.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.