The woman faulted for the latest breach of Utah Medicaid data, an account manager for Goold Data Systems, is no longer employed at Goold.
“She was a terrific employee who made a mistake, a pharmacist who oversees the entire Utah account,” said Jim Clair, CEO of the Maine-based company, which manages pharmacy claims for several states’ Medicaid programs. “But [the breach] is that serious to us.”
Late last week, somewhere en route from Salt Lake City to Denver and then Washington, D.C., the woman misplaced a report she had downloaded onto a USB memory stick containing the names, ages and prescription information of 6,000 Utahns on Medicaid.
“She was having difficulty uploading a file that the Utah Department of Health had ordered and found it easier to load it onto a thumb drive,” said Clair. “I don’t think she realized it was against company policy.”
It’s possible that the information will never be compromised.
“It could be sitting in the trash somewhere and eventually destroyed,” said Clair. “But it should have never happened in the first place.”
Clair said the mishap is a reminder to anyone in the health care industry “that one must continuously stress the importance of protecting personal health information. I don’t mean to make it that simple. But unfortunately it is.”
It would be wise for all firms handling protected patient data to review their procedures with every employee. This is, in fact, a requirement of Hipaa. A failure to hold training meetings (and document their attendance) would itself constitute a Hipaa violation.
Source: The Salt Lake Tribune