From their public statement today:
Florida Department of Health in Palm Beach County is issuing a public notice of an unauthorized disclosure and/or use of protected health information pertaining to some clients of its Health Centers. Federal law enforcement officials informed the department they had obtained a list of names, birth dates, social security numbers, Medicaid numbers, phone numbers, and medical record numbers of individuals who were identified as Palm Beach County Health Department clients.
Individual notices have been mailed to all clients whose names were on the list with information on how to review their credit history and report any suspicious activity to law enforcement. However, DOH-Palm Beach is advising persons that have been a client in one of the Health Centers to review their credit history for any fraudulent or suspicious activities they have not authorized. A free report can be obtained at www.annualcreditreport.com.
The Department of Health takes its role of safeguarding client’s personal information very seriously. and is keenly aware of how important this information is to everyone and is fully committed to safeguarding all confidential information. The department trains staff on the importance of safeguarding protected health information by requiring annual HIPAA and Privacy and Information Security training to all employees.
Individuals who received a letter or have been a medical client and have questions on this incident can call 1-855-438-2778, 8 AM to 5 PM Monday through Friday.
So when did this happen and how did it happen and how many were affected? And why did the county have to be informed by federal law enforcement instead of detecting the breach through internal controls?
This incident does not appear on HHS’s public breach tool at this time.
DataBreaches.net has sent an inquiry to the DOH and will update this post if and when more information becomes available.
Update 1: The Palm Beach Post reports that more than 1,000 patients were affected.