Medicaid documents with patient info found in dumpster
The North Dakota Department of Human Services has reported the breach of patient information contained on Medicaid claim resolution worksheet documents, affecting the data of nearly 2,500 people.
The agency reported that one of its employees was supposed to have properly disposed of the forms in secure onsite receptacles that a contractor picks up for shredding. Instead, the documents were found on May 10 in a dumpster in Bismarck by a citizen who notified the agency, which retrieved the materials.
Now, NDDHS is notifying 2,452 affected individuals, offering one year of credit and identity theft monitoring services from CSIdentity and has taken “appropriate disciplinary action against the responsible workforce member,” according to the patient notification letter.
Protected information at risk was extensive but did not include the most sensitive information about recipients, such as addresses, financial information and Social Security numbers.
The compromised information included recipient names, dates of birth, Medicaid provider numbers, first two characters of providers’ names, recipient Medicaid ID numbers, two-digit code of recipients’ counties, recipients’ internal NDDHS identification numbers, dates of service, amounts billed and allowed, amounts covered by insurance, diagnosis codes, HCPCS/CPT procedure codes and details on dental work.
In the patient letter, the agency said it has no evidence of PHI being improperly used or disclosed and believes the risk for disclosure is low.
The North Dakota Department of Human Services is urging affected individuals to review credit reports, request a free fraud alert be placed on credit files and to contact the state Attorney General Office if they become a victim of identity theft.
As is common in breach notifications, the agency apologized for the incident and will retrain employees and review policies and procedures to avoid another similar incident.