Apple Health, Washington state's Medicaid program, has reported a breach affecting the private health information of more than 91,000 individuals after discovering an employee improperly handled the information.
According to the notification from the Washington State Health Care Authority, two state employees in different agencies exchanged Apple Health client files in a manner that is not compliant with HIPAA. Both employees said they exchanged the information because an HCA employee needed assistance with spreadsheets containing PHI, and the data was not used for any unauthorized purposes.
"While we have no indication that the client files went beyond the two individuals involved, important privacy laws were violated, and we are exercising caution and due diligence given the nature of the information," said Steve Dotson, HCA risk manager.
However, the notification says the investigation cannot confirm that the data stayed within the state's system.
Apple Health learned of the incident through a whistleblower investigation into misuse of state resources, according to the notification.
The compromised spreadsheets include client Social Security numbers, birth dates, Apple Health ID numbers and PHI.
More articles on data breaches:
Borgess Rheumatology 700 patients' data breached in mailing error
Louisiana Healthcare Connections announces data breach potentially affecting 13k Medicaid beneficiaries
OPM looks to hire first chief privacy officer since enormous 2015 data breach