The Washington State Health Care Authority reported that two employees exchanged files containing Social Security numbers and personal health information in violation of federal regulations.
After improper handling by two state employees, the private health information of more than 91,000 Washington state Medicaid recipients was breached. The Washington State Health Care Authority (HCA), which oversees the Medicaid program — called Apple Health — is now sending letters to those whose Social Security numbers, dates of birth, client ID numbers and private health information were exposed.
“Our first and foremost priority is protecting our clients’ personal information,” Steve Dotson, HCA risk manager, stated in a news release. “We have taken swift action to address this issue and help prevent future incidents. I know this is stressful and concerning for those impacted, and we are doing everything possible to support them.”
Those affected by the breach will receive one year of free credit monitoring, which can be redeemed by visiting a designated Web page or calling 877-866-9702.
The breach was the result of two employees who exchanged client files without adhering to requirements of the Health Insurance Portability and Accountability Act (HIPAA), HCA reported. The employees explained that the information was exchanged because one of the employees needed technical assistance with one of the spreadsheets that was exchanged.
The employees also maintained that the information was not used for unauthorized purposes nor forwarded to any other parties, though the state was unable to confirm that claim.
The breach was discovered during an investigation into the misuse of state resources, and has since been reported to federal offices and the state attorney general for further investigation and criminal review.