Nearly 2,500 North Dakotans face a privacy breach

  • Share:
June 05, 2017

From a local news story in North Dakota. Read the bottom. How nice being offered monitoring for one year. However, if like similar offerings, aka Target, the monitoring will only cover breaches as a result of this event. You need complete monitoring.

The North Dakota Department of Human Services is notifying 2,452 Medicaid program recipients or their guardians/personal representatives about a breach of the recipients' protected health information.

The department is mailing letters to affected individuals and has posted a notice to its website to apologize, provide details about the breach, and offer credit/identity theft monitoring services.

On May 10, 2017, a citizen called the department to report finding Medicaid claim resolution worksheet documents, dated 2015 and containing protected health information, discarded in a dumpster in Bismarck. The department recovered the Medicaid worksheets that day, launched an investigation, and has found no evidence that any confidential information has been used improperly or further disclosed.

The breach did not affect Medicaid Expansion or Children’s Health Insurance Program participants. The documents did not contain Social Security numbers, addresses, or any individual financial information.

The documents involved in this incident contain the Medicaid recipient’s first and last name; date of birth; Medicaid provider number; first two characters of Medicaid provider name; recipient’s Medicaid ID number; two-digit code of recipient’s county of residence; recipient’s internal NDDHS identification numbers; dates of service; amounts billed and allowed; amounts covered by other insurance; diagnosis codes; Healthcare Common Procedure Coding System and Common Procedural Technology codes, coding modifiers and quantity; and tooth and surface detail for dental work. Not all types of information were disclosed for all individuals affected by the breach.

The department’s investigation determined that one employee was responsible for the breach and improperly discarded the documents on May 8. There was no malicious intent, and appropriate disciplinary action has been taken.

Because the documents were recovered, the department believes the risk of re-disclosure of information to other unauthorized individuals is low. However, the department is offering affected Medicaid recipients one year of free credit/identity theft monitoring.

Phil Liso, Contact
(562) 322-7376