LDN - Health and Fitness

Illinois Department of Healthcare and Family Service and Department of Human Services report Incident involving Protected Health Information

Send a link to a friend Share

[April 26, 2018] SPRINGFIELD

Pursuant to the requirements of the Health Insurance Portability and Accountability Act, 45 CFR Sections 164.400-414, the Illinois Department of Healthcare and Family Services (HFS) and the Illinois Department of Human Services (IDHS) are notifying the media of a security incident.

On February 9, 2018, a file received from the National Change of Address registry at the United States Postal Service was matched against an out-of-date HFS and IDHS client file by the Illinois Department of Innovation and Technology (DoIT). The resulting file was loaded into HFS’ and IDHS’ System of Record and wrongly changed the address of several HFS and IDHS customers.

Between February 9 and March 1, 2018, notices containing personal information were mailed to 4,136 individuals at incorrect addresses. It has not been confirmed that any of the notices were actually opened, as they were addressed to the correct individuals but had the incorrect addresses.

The personal information contained in the mailings varied by type of notice but may have included first and last names, health insurance information, medical and financial information, and dates of birth. Neither detailed medical information nor social security numbers were included in the mailings.

[to top of second column]

Consequently, there is a very low risk of identity theft as a result of this incident. The error was discovered on March 1, 2018, and the correct addresses were immediately restored. HFS and IDHS are in the process of sending notice, as required by law, to the individuals affected by this incident and members of the General Assembly. The system has been reconfigured to prevent such incidents from occurring in the future.

Individuals with questions may write to: HFS HIPAA/Privacy Officer, 401 South Clinton, 6th Floor, Chicago, IL 60607 or email HFS.Privacy.Officer@illinois.gov. Credit reporting agencies and the Federal Trade Commission can also offer information about fraud alerts and security freezes.

[(HFS): John Hoffman and (IDHS): Meghan Powers.]

Back to top