Illinois Department of
Healthcare and Family Service and Department of Human
Services report Incident involving Protected Health
Information
Send a link to a friend
[April 21, 2018]
SPRINGFIELD
Pursuant to the requirements of the Health Insurance Portability and
Accountability Act, 45 CFR Sections 164.400-414, the Illinois
Department of Healthcare and Family Services (HFS) and the Illinois
Department of Human Services (IDHS) are notifying the media of a
security incident.
|
On February 9, 2018, a file received from the National Change of
Address registry at the United States Postal Service was matched
against an out-of-date HFS and IDHS client file by the Illinois
Department of Innovation and Technology (DoIT). The resulting file
was loaded into HFS’ and IDHS’ System of Record and wrongly changed
the address of several HFS and IDHS customers.
Between February 9 and March 1, 2018, notices containing personal
information were mailed to 4,136 individuals at incorrect addresses.
It has not been confirmed that any of the notices were actually
opened, as they were addressed to the correct individuals but had
the incorrect addresses.
The personal information contained in the mailings varied by type of
notice but may have included first and last names, health insurance
information, medical and financial information, and dates of birth.
Neither detailed medical information nor social security numbers
were included in the mailings.
[to top of second column] |
Consequently, there is a very low risk of identity theft as a result of this
incident. The error was discovered on March 1, 2018, and the correct addresses
were immediately restored. HFS and IDHS are in the process of sending notice, as
required by law, to the individuals affected by this incident and members of the
General Assembly. The system has been reconfigured to prevent such incidents
from occurring in the future.
Individuals with questions may write to: HFS HIPAA/Privacy Officer, 401 South
Clinton, 6th Floor, Chicago, IL 60607 or email HFS.Privacy.Officer@illinois.gov.
Credit reporting agencies and the Federal Trade Commission can also offer
information about fraud alerts and security freezes.
[(HFS): John Hoffman and (IDHS):
Meghan Powers.] |