Terminated Employee Got Hold of PHI of 100 Patients

May 1, 2018 James Keogh HIPAA News

A former employee of Texas Health and Human Services Commission (HHSC) got hold of the protected health information of about 100 patients after being terminated from work. She had collected personal items from her old desk and put them in boxes after being fired. Benefits application forms were included in the boxes by mistake.

The name of the terminated employee is Tracy Ryans, 51 years old. HHSC mailed the boxes containing Tracy’s personal items, which the delivery driver left on her porch. One box contained her personal items including pens, old shoes and a coffee cup. The other box contained paperwork containing highly sensitive information of clients. Ryans told Texas Tribune that those items did not belong to her. They were items from a desk she shared with co-employees.

The paperwork were benefits applications of about 100 clients and contained information such as Social Security numbers, copies of driver’s licenses, billing statements and check stubs. The files were dated April 13, 2018, which is 15 days after Ryans left HHSC.

Ryans sought advice from Texas State Employees Union regarding what she must do with the documents. She was afraid that she will be accused of stealing the papers. She was able to return the paperwork to HHSC with the union’s assistance.

Ryans was terminated after 9 years of working with HHSC because she allegedly failed to ensure the security of client information and violated HIPAA Rules. Ryans denies all these allegations. The mailing of the PHI to Ryans is also considered a violation of HIPAA Rules because she has no legal right to have those information. But, HHSC hasn’t provided details about the sent paperworks to Ryans and if the incident was a case of accidental violation of HIPAA Rules.

HHSC is currently investigating the incident and has submitted a potential privacy breach report to the Office of Inspector General. If the investigation confirms exposure of patients’ sensitive information and violation of HIPAA rules, HHSC will take the necessary steps to mitigate the risks and will notify individuals whose information was impacted.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.
Twitter LinkedIn