Wrong Mailings Lead to HIPAA Breach in Colorado

The Colorado Department of Health Care Policy and Financing have announced that protected health information from 1,622 households was exposed unintentionally during a recent mailing.

Letters were mailed between May 25 and July 5, 2015, and the problem was identified on July 1st when a resident notified county workers after receiving a letter not intended for the resident. The technical error was corrected by the Governor’s Office of Information Technology on July 5th.  

The information contained in the letters may have included names, address, state identification number or Medicaid case number, names of family members in a household, employer name, income from that employer, amount of an Advanced Premium Tax Credit (APTC), and whether the individuals were approved or denied for several medical assistance programs such as Medicaid and Child Health PlanPlus (CHP+). For fewer than 50 of those affected, a date of birth was also disclosed, according to a breach notification letter from Colorado Department of Health Care Policy.

The breach also included 1,069 additional cases in which residents receiving benefits through the Department of Human Services had their Social Security number divulged. Another 353 had personal information shared, according to a Denver Post report. As such, in total, some 3,000 individuals were affected.