Two state employees, a sister and brother, apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said a Health Care Authority risk manager.
More than 91,000 people enrolled in Washington state’s Apple Health Medicaid program are being notified that their medical records may have been handled improperly, officials said Tuesday.
Two state employees — a woman who worked for the state Health Care Authority (HCA) and her brother, who worked for the Department of Social and Health Services (DSHS) — apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said Steve Dotson, HCA risk manager.
The information swapped between early 2013 and late 2015 included clients’ Social Security numbers, dates of birth, Apple Health identification numbers and private health information. The woman was a medical-assistance specialist and her brother was an Internet technician, Dotson said.
Both employees have been fired, HCA and DSHS officials confirmed. The pair told investigators that the sister asked her brother for technical help with spreadsheets that contained the data and that the information was not used for improper purposes or forwarded to unauthorized users, Dotson said.
Most Read Stories
- What you need to know about Inauguration Day protests, events in Seattle
- Christopher Monfort, killer of Seattle police officer, found dead in prison cell
- 50,000 expected to attend Seattle women’s march day after Trump inauguration WATCH
- Breitbart editor Milo Yiannopoulos sold out for UW speech; WSU event canceled due to weather
- Why are home prices so high? Seattle has 2nd-lowest rate of homes for sale in U.S.
But the transfer of information violated patients’ privacy rights and indicated a pattern of behavior, Dotson said. The case has been referred to federal officials for further investigation, including possible criminal review.
“We have no indication that the client files went beyond the two individuals involved,” Dotson said.
But because officials couldn’t confirm that the data remained within the state systems, the incident is being treated as a breach. Letters were being sent Tuesday to affected clients.
Officials were alerted to the problem by a DSHS whistleblower, an agency spokeswoman said.
HCA covers more than 1.8 million people in Washington through the Apple Health program.