Improper Disposal Incident Reported by the Georgia Department of Human Services
The Georgia Department of Human Services reported that employees in Augusta, GA had improperly disposed of confidential case files stored in boxes. The case files contained the data of persons who got services from the Division of Family & Children Services (DFCS) before June 12, 2017 and persons who got services from the Division of Aging Services (DAS) prior to 2017.
After receiving a notification about the incident, the Georgia DHS immediately took action to retrieve the boxes to keep unauthorized persons from accessing the files. Georgia DHS believes that unauthorized persons did not access the files when they were left unprotected. Nevertheless, notifications about the breach were sent to all affected patients. Policies and protocols were also reviewed to avoid the same incidents from happening again.
The breach summary posted on the HHS’ Office for Civil Rights breach portal indicated that the exposed files included the data of about 500 people.
NeoGenomics Email Error Affects 911 Patients
NeoGenomics is notifying 911 patients about the accidental disclosure of some of their protected health information (PHI) to an unauthorized person.
On January 28, an employee spoke with a patient regarding the completion and return of a form to NeoGenomics and inadvertently attached and mailed an incorrect Excel spreadsheet. The spreadsheet provided to the patient contained the information of patients who took laboratory tests from January 2018 to October 2019.
The information contained in the spreadsheet included the first and last names of patients, birth dates, and the name of laboratory tests conducted by NeoGenomics. The spreadsheet did not include the results of the laboratory tests and there was no other data impermissibly disclosed. The patient reported the error to NeoGenomics and gave a written confirmation that he/she already deleted the spreadsheet.
As a safety precaution, NeoGenomics offered to provide the affected persons with free credit monitoring services. NeoGenomics stated that the employee who made the mistake underwent another HIPAA training. All the workforce was also directed to verify the accuracy of document and spreadsheet files prior to sending via email.