Health records accidentally released

Last month, Madera County received notice from a vendor, which provides an electronic health record system to the County, that the vendor had improperly included the president of another covered entity (unauthorized recipient) within an internal email chain, which contained County client protected health information (PHI) sent on Dec. 29, 2022.

Like the County, the unauthorized recipient is an entity bound by the requirements of the Health Insurance Portability and Accountability Act (HIPAA), as it relates to PHI. The County received notice of the information release on August 4.

The email that was sent to the unauthorized recipient contained the PHI of 1,446 County clients. The data disclosed included patients’ names, dates of birth, programs, claim numbers, service dates, current procedural terminology codes, balances, and Medi-Cal policy numbers. Notices to all affected individuals were sent out by the County on September 13.