Two state employees, a sister and brother, apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said a Health Care Authority risk manager.
More than 91,000 people enrolled in Washington state’s Apple Health Medicaid program are being notified that their medical records may have been handled improperly, officials said Tuesday.
Two state employees — a woman who worked for the state Health Care Authority (HCA) and her brother, who worked for the Department of Social and Health Services (DSHS) — apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said Steve Dotson, HCA risk manager.
The information swapped between early 2013 and late 2015 included clients’ Social Security numbers, dates of birth, Apple Health identification numbers and private health information. The woman was a medical-assistance specialist and her brother was an Internet technician, Dotson said.
Both employees have been fired, HCA and DSHS officials confirmed. The pair told investigators that the sister asked her brother for technical help with spreadsheets that contained the data and that the information was not used for improper purposes or forwarded to unauthorized users, Dotson said.
Most Read Stories
- Solar eclipse’s tides blamed for broken net, up to 305,000 Atlantic salmon dumped into waters near San Juans
- Look back at our live coverage of the solar eclipse WATCH
- Your guide to enjoying the eclipse from Seattle
- 3 surprising Seattle restaurant closures — plus 11 more
- Watch: Alaska Airlines flight offers dramatic view of solar eclipse WATCH
But the transfer of information violated patients’ privacy rights and indicated a pattern of behavior, Dotson said. The case has been referred to federal officials for further investigation, including possible criminal review.
“We have no indication that the client files went beyond the two individuals involved,” Dotson said.
But because officials couldn’t confirm that the data remained within the state systems, the incident is being treated as a breach. Letters were being sent Tuesday to affected clients.
Officials were alerted to the problem by a DSHS whistleblower, an agency spokeswoman said.
HCA covers more than 1.8 million people in Washington through the Apple Health program.