CORONAVIRUS (COVID-19) RESOURCE CENTER Read More
Add To Favorites

Ohio mental health agency privacy breach affected 59,000

Dayton Daily News (OH) - 6/30/2016

June 30--Since the largest health care privacy breach in Ohio occurred in Springfield late last year -- 113,000 Community Mercy Health Partners medical records were dumped in a public recycling bin -- there have been five additional breaches in the state, according to federal privacy law data.

The largest breach involved the Ohio Department of Mental Health and Addiction Services and affected 59,000 people statewide.

In February, the state agency sent out postcards to consumers of mental health services inviting them to participate in a satisfaction survey.

The mother of an adolescent patient who received the postcard contacted the department, concerned that the postcard publicly identified her family as including someone who had sought mental health services, which constitutes personal health information.

The agency then discovered this wasn't the first time the postcards had gone out.

"Apparently the research unit had been sending out (postcards) up to five years," said Eric Wandersleben, director of media relations and outreach for the agency.

No Social Security numbers, actual diagnoses or other sensitive information was included on the postcards, Wandersleben said, but the agency notified 59,000 people who received the postcards and reported the breach to the Department of Health and Human Services Office of Civil Rights.

The federal agency oversees enforcement of the Health Insurance Portability and Accountability Act and maintains an online database of breaches affecting more than 500 people.

But information on smaller breaches, which account for 99 percent of HIPAA violations, is harder to find.

The I-Team used the Freedom of Information Act to obtain a database of nearly 800 smaller breach investigations of Ohio hospitals and doctors' offices since 2010.

Read the full investigation in Sunday's Dayton Daily News. The database will be available on MyDaytonDailyNews.com.

------

By the numbers

780: Small privacy law violations investigated in Ohio since 2010.

52: Large breaches in Ohio affecting more than 500 people each.

113,000: Number of individuals impacted by Community Mercy Health Partners data breach in November.

12: Violations investigated involving Kettering Health Network resulting in corrective action or other recommendations.

100: Entities with more than one large breach on their record, including Community Mercy Health Partners with two in 2015.

In-depth coverage

The Dayton Daily News is committed to coverage of the health care industry and stories that impact your health. For this story, I-Team reporter Katie Wedell submitted numerous records requests with the federal government to get information on privacy breaches not readily available to the public.

On MyDaytonDailyNews.com

The I-Team compiled all the HIPAA violations investigated by the Department of Health and Human Services through federal records requests.

Search the full database of health care privacy complaints in Ohio online at mydaytondailynews.com.

___

(c)2016 the Dayton Daily News (Dayton, Ohio)

Visit the Dayton Daily News (Dayton, Ohio) at www.daytondailynews.com

Distributed by Tribune Content Agency, LLC.