Two state employees, a sister and brother, apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said a Health Care Authority risk manager.
More than 91,000 people enrolled in Washington state’s Apple Health Medicaid program are being notified that their medical records may have been handled improperly, officials said Tuesday.
Two state employees — a woman who worked for the state Health Care Authority (HCA) and her brother, who worked for the Department of Social and Health Services (DSHS) — apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said Steve Dotson, HCA risk manager.
The information swapped between early 2013 and late 2015 included clients’ Social Security numbers, dates of birth, Apple Health identification numbers and private health information. The woman was a medical-assistance specialist and her brother was an Internet technician, Dotson said.
Both employees have been fired, HCA and DSHS officials confirmed. The pair told investigators that the sister asked her brother for technical help with spreadsheets that contained the data and that the information was not used for improper purposes or forwarded to unauthorized users, Dotson said.
Most Read Stories
- 'The Big Dark' is here as first of three storms rolls into Northwest on stretch of trans-Pacific moisture
- 'The Big Dark': Satellite image shows future rain clouds stretching from China to Puget Sound
- Bail set at $1M for uncle suspected of killing Lynnwood 6-year-old
- Boeing, reversing tide of cuts, rushes to bring back retirees as temps
- Police: Lynnwood 6-year-old drowned in bathtub by visiting relative
But the transfer of information violated patients’ privacy rights and indicated a pattern of behavior, Dotson said. The case has been referred to federal officials for further investigation, including possible criminal review.
“We have no indication that the client files went beyond the two individuals involved,” Dotson said.
But because officials couldn’t confirm that the data remained within the state systems, the incident is being treated as a breach. Letters were being sent Tuesday to affected clients.
Officials were alerted to the problem by a DSHS whistleblower, an agency spokeswoman said.
HCA covers more than 1.8 million people in Washington through the Apple Health program.