Protected health information of 1,918 Colorado Medicaid patients was compromised after a temporary employee from a private contractor, the Colorado Community Health Alliance (CCHA), sent the information to his or her own personal e-mail address, the Colorado Department of Healthcare Policy and Financing announced.
The Department said Social Security Numbers or other information that is commonly used for identity theft were not included, but the list may have been sent for the employee’s personal use in a separate business. The e-mail was sent on November 21, 2013 and discovered during an audit. CCHA notified the Department about this incident on November 22, 2013 and then terminated the employee.
The information in the e-mail included names, dates of birth, Medicaid identification numbers, addresses, telephone numbers and health conditions. This information is considered protected health information and is protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Colorado Medicaid is notifying by mail the patients impacted. The notification from the state urges patients who are contacted by someone they do not know, who knows their name, state Medicaid identification number, and/or health conditions, to immediately verify the identity of the caller and the reason they are calling.