Another Breach for Utah DOH

Feb. 27, 2013
For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

For the second time within a year, the Utah Department of Health (UDOH) is dealing with a data breach of Medicaid patient information. This time, a third-party contract lost a USB device that contained the personal information, including name, Medicaid ID number, age, and prescription drug history, of 6,000 Medicaid patients.

Back in April, UDOH’s data server was breached. This breach led to the illegal access of 24,000 claims. 

 For the most recent breach, UDOH says the contractor, Goold Health Systems (Augusta, Maine) processes Medicaid pharmacy transactions for the agency. The Goold employee apparently saved personal health information on an unencrypted, portable USB memory device and then left UDOH headquarters with the device.  They then misplaced the device while traveling between Salt Lake City, Denver, and Washington DC. 

“There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal.  Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes,” UDOH Deputy Director and state Medicaid Director Michael Hales, said in a statement.  “Nevertheless, we understand the anxiety this will likely cause, and want clients to know we are taking all reasonable precautions to ensure the missing data cannot be used to harm individual clients or defraud the Medicaid program.”

According to UDOH, it is taking steps to protect the affected Medicaid identification numbers against potential fraudulent use. It says, the Office of the Health Data Security Ombudsman will commit its full resources to assisting affected clients in any way they need.  

“I have directed UDOH attorneys to review our contract with Goold Health Systems, and I fully intend to seek whatever financial or contractual remedies are available in order to ensure GHS is held accountable for this serious mistake,” UDOH Executive Director David Patton, M.D., said in a statement.  “Protecting our clients’ personal information is of utmost importance to our department, and it must be the number one priority of our contractors as well.”

Patton also stated that he hopes Goold will discipline the employee and that they will no longer be allowed to work with UDOH data.

Sponsored Recommendations

How AI-Native Locating Intelligence Revolutionizes the RTLS market

Discover how leveraging an RTLS solution with artificial intelligence as the location engine can increase efficiency, improve safety, and elevate care without the compromises ...

Harnessing the True Power of Cultural, Clinical and Operational Data

Optimize healthcare performance by combining clinical, operational, and cultural insights. A deeper understanding of team factors improves care and resource management.

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...