The patient privacy breach shoe appears to be on the other foot for the California Department of Public Health, which reported losing data for more than 2,500 facility residents, department employees and other healthcare workers to state authorities this week. Over the last year, the CDPH has had its hands full imposing fines on hospitals guilty of losing patient records, a fact that has not escaped department brass, which promised to "redouble" efforts to ensure information protection.
"The privacy of medical and other personal information is a top priority for CDPH," department director Dr. Mark Horton said in a statement. "We immediately implemented procedure and policy changes to prevent such errors from occurring in the future. We take any breach of secure documents very seriously, and we regret this occurrence."
The lost information was stored on an unencrypted magnetic tape, and included everything from employee emails and background information on healthcare workers to the names and diagnoses of health facility residents and social security numbers for both employees and patients. In September, the tape was sent from a CDPH field office in West Covina to the central office in Sacramento via the U.S. Postal Service; while the envelope that was supposed to have contained the tape arrived, it was unsealed and empty, prompting an investigation.
"Normal procedure is to encrypt those files and send them via currier for storage to save as an archive," health department spokesman Kevin Reilly told the San Gabriel Valley Tribune. "In this case, that policy was not followed and we've done a couple of things to correct that."
CDPH is in the process of notifying anyone who may have been affected by the breach.
To learn more:
- here's the CDPH's news release
- read this San Gabriel Valley Tribune article