Utah’s Department of Health has reported its second data breach within the past year. This incident involved the personal information of approximately 6,000 Medicaid patients.
On January 10th, an employee of third-party contractor Goold Health Systems (which processes Medicaid pharmacy transactions for the state agency) saved Protected Health Information (PHI) onto a portable USB flash drive which was not encrypted. The employee traveled between Salt Lake City, Denver, and Washington, D.C., losing the drive during travel. While the Department of Health stated that “There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal,” patient names, ages, Medicaid ID numbers, and prescription drug histories were contained on the device.
Users of medical billing software such as Lytec 2013 and Medisoft 18 must take precautions to ensure compliance with the HIPAA Security Rule, or risk hefty fines. Contact a healthcare technology consultant at Microwize Technology for more information.