Bismarck  (CSi) The North Dakota Department of Human Services (NDDHS) is notifying 2,452 Medicaid program recipients or their guardians/personal representatives about a breach of the recipients’ protected health information. The department is mailing letters to affected individuals and has posted a notice to its website to apologize, provide details about the breach, and offer credit/identity theft monitoring services.

 

On May 10, 2017, a citizen called the department to report finding Medicaid claim resolution worksheet documents, dated 2015 and containing protected health information, discarded in a dumpster in Bismarck. The department recovered the Medicaid worksheets that day, launched an investigation, and has found no evidence that any confidential information has been used improperly or further disclosed.

 

The breach did not affect Medicaid Expansion or Children’s Health Insurance Program participants. The documents did not contain Social Security numbers, addresses, or any individual financial information.

 

The documents involved in this incident contain the Medicaid recipient’s first and last name; date of birth; Medicaid provider number; first two characters of Medicaid provider name; recipient’s Medicaid ID number; two-digit code of recipient’s county of residence; recipient’s internal NDDHS identification numbers; dates of service; amounts billed and allowed; amounts covered by other insurance; diagnosis codes; Healthcare Common Procedure Coding System and Common Procedural Technology codes, coding modifiers and quantity; and tooth and surface detail for dental work. Not all types of information were disclosed for all individuals affected by the breach.

 

The department’s investigation determined that one employee was responsible for the breach and improperly discarded the documents on May 8. There was no malicious intent, and appropriate disciplinary action has been taken.

 

The department takes its responsibility to safeguard confidential information seriously and trains staff on the safe handling and disposal of protected, private information. To prevent future occurrences, the department is working with staff and reviewing policies and procedures for safeguarding information.

 

Because the documents were recovered, the department believes the risk of re-disclosure of information to other unauthorized individuals is low. However, the department is offering affected Medicaid recipients one year of free credit/identity theft monitoring.

 

If affected Medicaid recipients have questions or concerns, or would like to sign up for the credit/identity theft monitoring service, they should contact the department by Sept. 5, 2017, at toll-free 844-345-8048 or ND Relay TTY 800-366-6888.

 

The federal Department of Health and Human Services requires entities to notify affected individuals within 60 calendar days after discovery of a breach of protected health information.

 

Affected individuals can also review their own credit reports to look for any unusual activity. To get a free report, go to https://www.annualcreditreport.com/. Individuals who want to track their credit throughout the year can request a free credit report from one of the three credit bureaus every four months.

 

Individuals can also request a free initial fraud alert to be placed on their credit files by contacting any one of the three major credit bureaus:

 

If an individual believes he or she is a victim of identity theft, the North Dakota Attorney General’s Office offers guidance on preventing and reporting identity theft at https://attorneygeneral.nd.gov/consumer-resources/identity-theft.

 

On March 31, 2017, there were 71,556 individuals eligible for the traditional fee-for-service Medicaid program in North Dakota. The number of individuals affected by the breach equals 3.4 percent of the program’s caseload.