Medicaid Documents Containing Sensitive Patient Data are Found in a Dumpster

    Jun 27, 2017

    A North Dakota agency says the patient data on thousands of Medicaid claim documents has been breached, affecting roughly 2,500 people.

    The North Dakota Department of Human Services reported that an employee was supposed to have properly disposed of the forms in secure onsite receptacles, which are later picked up by a shredding company. Instead, on May 10 a citizen found the documents in a Bismarck dumpster.

    The agency is notifying 2,452 individuals, offering a year of credit and identity theft monitoring services and taking “appropriate disciplinary action against the responsible workforce member,” according to the patient notification letter.

    The breached information did not include addresses, financial data, and Social Security numbers.

    The compromised information did include recipient names, dates of birth, Medicaid provider numbers, first two characters of providers’ names, recipient Medicaid ID numbers, two-digit code of recipients’ counties, recipients’ internal agency identification numbers, dates of service, amounts billed and allowed, amounts covered by insurance, diagnosis codes, and other procedure codes.

    In the letter, the agency said it had no evidence of the information being improperly used or disclosed and believed the risk for disclosure was low.

    As is common in breach notifications, the agency apologized for the breach and plans to retrain employees and to review policies and procedures to avoid another incident.


    © 2017, ARMA International