Two state employees, a sister and brother, apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said a Health Care Authority risk manager.
More than 91,000 people enrolled in Washington state’s Apple Health Medicaid program are being notified that their medical records may have been handled improperly, officials said Tuesday.
Two state employees — a woman who worked for the state Health Care Authority (HCA) and her brother, who worked for the Department of Social and Health Services (DSHS) — apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said Steve Dotson, HCA risk manager.
The information swapped between early 2013 and late 2015 included clients’ Social Security numbers, dates of birth, Apple Health identification numbers and private health information. The woman was a medical-assistance specialist and her brother was an Internet technician, Dotson said.
Both employees have been fired, HCA and DSHS officials confirmed. The pair told investigators that the sister asked her brother for technical help with spreadsheets that contained the data and that the information was not used for improper purposes or forwarded to unauthorized users, Dotson said.
Most Read Stories
- Gun seized in Che Taylor shooting traced to former sheriff’s deputy, officials say WATCH
- Play presidential-debate bingo — download cards or play online
- Man charged in Cascade Mall shooting was getting court-ordered mental-health treatment
- Houston gunman had 2 weapons, thousands of rounds at scene VIEW
- Suspect in mall shooting was socially awkward, troubled, former classmates and others say WATCH
But the transfer of information violated patients’ privacy rights and indicated a pattern of behavior, Dotson said. The case has been referred to federal officials for further investigation, including possible criminal review.
“We have no indication that the client files went beyond the two individuals involved,” Dotson said.
But because officials couldn’t confirm that the data remained within the state systems, the incident is being treated as a breach. Letters were being sent Tuesday to affected clients.
Officials were alerted to the problem by a DSHS whistleblower, an agency spokeswoman said.
HCA covers more than 1.8 million people in Washington through the Apple Health program.