On February 13, 2015, a Denton County Health Department employee temporarily left a USB drive at a local printing store in order to print a personal document from the device. Unfortunately, that USB drive included 874 unsecured data files of tuberculosis (TB) clinic patients belonging to the Denton County Health Department, including patient names, dates of birth, addresses, TB test results and other protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA).
The data files did not include any financial information or any social security numbers.
“We take patient confidentiality very seriously, and we deeply regret this breach of security and the inconvenience for patients. We have spent the past few weeks conducting a thorough investigation to determine the facts and are encouraged there is no evidence that any confidential information was accessed,” said Dr. Matt Richardson, Director of Public Health for Denton County.
“Nevertheless, in light of this event, we have reviewed and updated our internal policies and procedures, performed additional, mandatory training for all employees and have changed the way electronic files are stored.”
The health department found no reason to believe that any patient’s information was accessed by the document printing company or anyone outside of the Denton County Health Department. The department employee left the USB drive unattended for approximately one hour, and upon realization that there were patient records involved, voluntarily reported the potential breach. The health department immediately began an internal investigation.
In compliance with Texas and federal law, affected patients are being notified by mail. Letters to patients potentially affected should be received by early next week, and although the Denton County Health Department is not aware of any access or misuse of the information, these patients are encouraged to take steps to eliminate or minimize any potential harm that could result from this incident.
Because some personal information was included in this breach, officials are recommending that patients affected consider obtaining credit reports from one or more of the major credit reporting agencies and monitor financial and bank accounts for unauthorized activity.
Under federal law, consumers are entitled to a free copy of their credit report, at their request, from each of the major nationwide credit reporting companies once every 12 months. To order a free annual credit report, visit www.annualcreditreport.com, call toll-free 877-322-8228, or complete the Annual Credit Report Request Form (www.consumer.ftc.gov) and mail to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
“Maintaining trust and confidence in the health department is our goal, and this notification is an important step in rebuilding that trust. We’ve been working hard to address gaps in the way we protect data and we promise to continue that work to prevent further mistakes,” said Dr. Richardson.
Those patients receiving letters can call Denton County Health Department at (940) 349-2900 with any questions or concerns.