Medicaid data breach hits Arkansas; email puts medical privacy of 26,000 patients in jeopardy
The confidentiality of more than 26,000 Medicaid recipients’ medical information was broken earlier this year, state officials said Friday as…
The confidentiality of more than 26,000 Medicaid recipients’ medical information was broken earlier this year, state officials said Friday as they prepared to notify those individuals about the breach.
The information — including names, medical procedure codes, birth dates, diagnoses and Medicaid identification numbers — was sent to a fired Department of Human Services employee’s personal email account, a department spokesman said Friday.
The department discovered the information in an email on Aug. 7 while conducting research for its defense of a federal lawsuit filed by Yolanda Farrar over her dismissal from her job as a payment integrity coding analyst, spokesman Amy Webb said.
The email was sent to Farrar’s personal account on March 23 “within minutes” of a discussion over issues that led to Farrar’s firing the next day, Webb said.
The email was also sent to “a few select people,” including an employee of the federal Equal Employment Opportunity Commission and Farrar’s attorney, Webb said.
“We’re working now to see if we can get that information back,” Webb said.
After her firing from the department’s payment integrity unit, Farrar was hired as a nurse at the State Hospital on Aug. 14, Webb said.
She was fired from that job Thursday after an investigation into the privacy breach, Webb said.
“We can’t have someone working at the State Hospital who has disclosed or breached confidentiality for 26,000 people,” Webb said. “We’ve got patients at that hospital, and we’ve got to protect their privacy.”
In some cases, a Medicaid number is the same as a recipient’s Social Security number although the department stopped using Social Security numbers as Medicaid identification numbers several years ago, Webb said.
Department policy prohibits copying, recording or disclosing confidential information without authorization.
Webb said information about the policy violation has been sent to the U.S. Department of Health and Human Services, which enforces violations of federal health privacy laws, and will also be sent to the Pulaski County prosecutor’s office.
The department was also planning to mail notices to the recipients and their health care providers whose information was contained in the email. Information about the confidentiality breach was also posted to the department’s website, humanservices.arkansas.gov.
Attempts to reach Farrar by phone were unsuccessful Friday. Memphis attorney Alan Crone, who is representing Farrar in her lawsuit against the department, didn’t return phone messages left at his office.
Webb said Farrar’s firing in March was for “violations of DHS policy on professionalism, teamwork and diligent and professional performance.”
According to her lawsuit, filed July 11 in U.S. District Court in Little Rock, Farrar had worked for the department since Oct. 6.
Her duties included “reviewing reimbursement coding procedures for billing discrepancies in Medicaid, implementing initiatives based on available database information, and reviewing old systems for loopholes and reimbursement issues,” according to the suit.
She said in the suit that she was treated more harshly than her co-workers because she is black and that her firing came after she filed an internal complaint over discrimination and asked if she should speak with someone at the Equal Employment Opportunity Commission, which enforces federal laws prohibiting discrimination.
The department denied discriminating against Farrar. A trial date has not been set.
Metro on 09/16/2017
Print Headline: Medicaid data breach hits state; Email puts medical privacy of 26,000 patients in jeopardy
Source: Arkansas Democrat-Gazette Medicaid data breach hits Arkansas; email puts medical privacy of 26,000 patients in jeopardy