State loses confidential patient information
Even though the information was lost nearly two months ago, the Department of Health Care Policy and Financing waited until Thursday to announce a computer disk containing confidential patient information was misplaced.
The disk contained information about 3,590 people from around the state who had applied for Medicare or Colorado Children’s Health Plus insurance coverage. The information was limited to such things as names, state identification number and home address, department spokeswoman Joanne Zahora said.
It did not contain things needed for identity theft, such as birth dates, Social Security numbers or other financial information, she said, adding the loss was due to a human error and not a computer malfunction.
“There was no medical diagnoses or anything like that,” she said. “Due to federal law, we have to let people know ... but there’s no threat to them. They don’t need to do anything. They don’t have to be afraid, and there is no action they need to take.”
Zahora said the applicants were from all over the state, including the Western Slope.
The loss was discovered May 6, but Zahora said it took time to ascertain the disk actually had been lost, what was on it and whether losing it constituted a violation of the federal Health Insurance Portability and Accountability Act. Such HIPAA violations can prompt serious penalties from the federal government if gone unchecked, she said.
Zahora said letters were mailed Thursday to the applicants, notifying them of the incident, which occurred when the disk was in transit between the Colorado Department of Personnel and the health policy department.
Normally, such applications are filed directly into the Colorado Benefits Management System, a statewide computer database. These applications, however, came through the personnel department because it was helping process applications from counties that couldn’t get to them, she said.
“This is information from one agency that was helping with the application process and sending the information to us, so it doesn’t happen any other way elsewhere in the system,” Zahora said. “We have changed processes since then, so the prospect of it happening again is nil.”