Follow us:

The Today File

Your guide to the latest news from around the Northwest

March 6, 2014 at 9:10 AM

Skagit County to pay $215K to settle release of health info

By Rachel Lerman / Skagit Valley Herald

MOUNT VERNON— Skagit County will pay $215,000 and has agreed to monitoring in a resolution agreement with the U.S. Department of Health and Human Services due to a 2011 exposure of county Public Health Department receipts containing protected health information.

The county discovered in September 2011 that receipts from the department were “inadvertently moved to a county public Web server” that was accessed by Google’s search engine for a twoweek period, according to a county news release.

The payment receipts, for services between January 2011 and September 2011, contained information about certain services provided by the department, including a short description of the service without details, the patient’s name and the cost and date of the service. They did not include full credit card numbers, Social Security numbers, birthdates or addresses.

The county learned of the data release in September 2011 when a patient called because she had found the information during a Google search, said Donnie LaPlante, Skagit County privacy officer.

The county reported the release to the public in November 2011.

The county has since had a cyber-liability security expert conduct a risk analysis of its management of protected information. The county made a risk-mitigation plan, updated policies, provided security training and installed new firewalls, LaPlante said.

The receipts were inadvertently coded to be placed on a public server, when they should have been coded for a private server, he said.

“They shouldn’t have been placed on the server that they were placed on,” LaPlante said. “As soon as we discovered it, we removed them.”

The county didn’t receive any other calls about the information apart from the one that tipped them off.

“Skagit County understands the importance of safeguarding our patients’ personal information and takes this responsibility very seriously,” LaPlante said in a prepared statement. “We regret that this incident occurred, and are committed to preventing any future occurrences.”

The county is working with Health and Human Services as part of a corrective action plan to make sure it meets personal health information protection requirements. The plan includes developing additional written policies and training staff, LaPlante said.

Comments | More in General news | Topics: health records, Skagit County

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


Advertising
The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►