HFS Announces Breach of Private Information

CHICAGO – The Illinois Department of Healthcare and Family Services (HFS) announced today that a contractor working for the agency experienced a security incident that may have resulted in the disclosure of personal information of 508 clients of the agency.

On Sept. 4, HFS was informed that a briefcase containing some personal health information was stolen on Aug. 31.  In compliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Department is in the process of notifying all individuals that it believes were potentially impacted by this incident. HITECH requires that the media should be notified in cases in which a breach involves more than 500 individuals.

HFS had entered into a contract with an organization to perform assessments of residents at various nursing facilities.  A staff member responsible for coordinating the work of the mobile assessors, as well as conducting assessments, had papers in a briefcase at home.  The staff person’s house was burglarized and the briefcase containing the papers was among many things stolen, and thus far, not recovered.  The confidential information in the papers contained lists of nursing facility resident names chosen for assessment, as well as some additional protected health information including names, social security number, Medicaid Recipient Number and birth date.

In a notice sent to the impacted clients, the Department has recommended that they register for fraud alerts with consumer protection agencies. In addition, representatives from the Department are visiting each of the nursing facilities involved and offering to meet personally with the clients and offer them assistance.

HFS is also reviewing the training and procedures that are used by the contracted organization to ensure that such a breach is not repeated.

Following is a link that provides more information from the U.S. Justice Department on how individuals can protect themselves from identity theft:  http://www.justice.gov/criminal/fraud/websites/idtheft.html