On Dec. 30, 2013, the North Carolina Department of Health and Human Services inadvertently mailed 48,752 children's Medicaid cards to the wrong addresses.
According to a department news release, the cards were all for children newly eligible for Medicaid under the Patient Protection and Affordable Care Act. The cards contained the children's names, Medicaid identification numbers, dates of birth and primary care physicians.
The department is conducting a review of the incident and is working to determine HIPAA obligations related to the breach: "Federal laws and rules require that DHHS go through an analysis to first determine this incident meets the legal requirements to be considered a breach of protected health information. If confirmed, HIPAA breaches must be reported within 60 days of the incident. DHHS privacy and security staff continue to work on that assessment through the weekend as a part of our comprehensive review," according to the release.
More Articles on Data Breaches:
Riverside Health System Uncovers 4-Year Data Breach
Kaiser Permanente Faces Class-Action Suit Over Data Breach
Barry University Informs Patients of Malware-Caused Data Breach