RALEIGH, N.C. - The North Carolina Department of Health and Human Services (DHHS) is notifying individuals of an incident regarding the email of unsecured protected health information as required by the Health Information Technology for Economic and Clinical Health, or HITECH Act. Specific individuals who were affected are receiving a letter from DHHS.
The issue arose when an employee inadvertently sent an email to the Granville County Health Department without first encrypting it. Attached to the email was a spreadsheet containing information relating to individual Medicaid recipients. The information in the email included the individual's first and last name, Medicaid identification number (MID), provider name and provider ID number, and other information related to Medicaid services.
The staff member realized the error immediately and notified the DHHS Privacy and Security Office of the incident. Staff verified the email was received by the intended recipients. DHHS cannot determine for certain that the email was not intercepted during transmission over the Internet, but has no reason to believe any information was compromised. DHHS is reminding staff to encrypt emails containing confidential information prior to sending and is also exploring technology that will encrypt emails automatically to avoid human error in the future.
While DHHS is unaware of any access, use, or misuse of the information, the department has sent letters to all affected individuals. Individuals who were affected may take steps to protect themselves by putting a fraud alert on their credit files and by keeping an eye on their bank statements and credit card bills for any unusual or unauthorized activity. DHHS has set up a toll free number, 1-800-662-7030, to handle inquiries from the affected individuals.
