Randy L. Key reports:
Georgia’s Department of Human Services Division of Aging Services has notified approximately 3,000 clients in the Community Care Services Program of an unauthorized disclosure of their protected health information.
The Department has identified the root cause of the issue, which involved the inadvertent disclosure of certain health diagnoses of affected program participants through an email to a contracted provider, and resolved it.
No other personal information—social security numbers, Medicaid numbers, dates of birth, or contact information—was disclosed.
Read more on WJBF.
The report doesn’t indicate when the breach occurred, but I had found it reported on HHS’s public breach tool with a July 8 submission date. At the time, there was no statement on the state’s web site explaining the breach. An FAQ on the breach is now available on their site, but it doesn’t say when the breach occurred or when and how they first discovered it. The FAQ does reveal, however, that the recipient of the errant email was the Fuqua Center for Late-Life Depression at Emory University. The Center did not request the information and destroyed it promptly as instructed.