Two state employees, a sister and brother, apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said a Health Care Authority risk manager.
More than 91,000 people enrolled in Washington state’s Apple Health Medicaid program are being notified that their medical records may have been handled improperly, officials said Tuesday.
Two state employees — a woman who worked for the state Health Care Authority (HCA) and her brother, who worked for the Department of Social and Health Services (DSHS) — apparently exchanged emails for nearly two years that contained private health information from Medicaid clients, said Steve Dotson, HCA risk manager.
The information swapped between early 2013 and late 2015 included clients’ Social Security numbers, dates of birth, Apple Health identification numbers and private health information. The woman was a medical-assistance specialist and her brother was an Internet technician, Dotson said.
Both employees have been fired, HCA and DSHS officials confirmed. The pair told investigators that the sister asked her brother for technical help with spreadsheets that contained the data and that the information was not used for improper purposes or forwarded to unauthorized users, Dotson said.
Most Read Local Stories
- Washington may become first state to legalize human composting
- What an Olympic medalist, homeless in Seattle, wants you to know
- Mayor Durkan asks state to investigate why Yakima County Jail inmates were released into downtown Seattle parking lot WATCH
- Washington state senator draws anger after saying nurses probably spend time playing cards
- Permanent daylight saving time passes state Senate 46-2; here’s what’s next
But the transfer of information violated patients’ privacy rights and indicated a pattern of behavior, Dotson said. The case has been referred to federal officials for further investigation, including possible criminal review.
“We have no indication that the client files went beyond the two individuals involved,” Dotson said.
But because officials couldn’t confirm that the data remained within the state systems, the incident is being treated as a breach. Letters were being sent Tuesday to affected clients.
Officials were alerted to the problem by a DSHS whistleblower, an agency spokeswoman said.
HCA covers more than 1.8 million people in Washington through the Apple Health program.