Privacy & Security

Ohio mental health and addiction services agency discloses PHI of 59,000 people

OhioMHAS sent clients a postcard inviting them to take part in a satisfaction survey, thereby disclosing that the individuals had received treatment. And it’s not the first time the department has sent such a postcard.
By Bernie Monegain
May 09, 2016
04:42 PM

The Ohio Department of Mental Health and Addiction Services notified the public – and 59,000 clients – that it disclosed their personal health information.

The incident involves a February 2016 postcard sent to consumers of mental health services inviting participation in an upcoming satisfaction survey. The department discovered on February 25 the postcard mailing violated HIPAA rules.

But it seems at least a few people at the department might have realized the postcards would pose a problem.

The Feb. 25 incident resulted in a review of mailings from previous surveys, and the department discovered that similar postcards sent in previous years also resulted in a breach of protected health information.

The information released included: full name, address and a request that the person participate in a services satisfaction survey through OhioMHAS.

[Also: NewYork-Presbyterian Hospital to pay $2.2 million for 'egregious disclosure' of PHI in HIPAA violation]

The postcards did not include social security numbers or other information that could lead to potential identity theft. They also did not include specific information about the recipient’s mental health condition or services received.

Notices about the survey, however, should have been sent in sealed envelopes to avoid association of the recipient mental health or addiction services.

The consumer satisfaction survey is conducted annually by OhioMHAS, and solicits direct feedback about treatment in order to guide quality improvement initiatives and respond to reporting requirements for the federal Mental Health Block Grant.

OhioMHAS Director Tracy Plouck issued a statement of apology. “We regret this situation and any concern it may cause, and we are committed to diligently safeguarding consumer information moving forward,” Plouck said.

OhioMHAS is conducting a thorough review of its internal processes and policies relating to consumer outreach and data use, officials note in a statement. The agency also added to the existing training for all department staff members.

OhioMHAS notified individuals affected via U.S. mail using sealed envelopes, as well as through a notice on the OhioMHAS website.

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Privacy & Security

More regional news

Empty hospital bed with many monitors around

IoT and ransomware are big security risks, and health systems feel unprepared

By
Nathan Eddy
December 26, 2024
Valentina Baljak

UVA Health RAMPs up AI and real-time analytics

By
Bill Siwicki
December 26, 2024
Hand hovers over computer keyboard

Ascension cyberattack exposed medical data of 5.6M customers

By
Nathan Eddy
December 26, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Dr. Stephanie Lahr
What will AI do for telemedicine in 2025? More than you might think

Most Read

HC3 alerts providers of Scattered Spider threat
New Oracle EHR promises AI-enabled reinvention
Work like 'a beehive, an ant colony' to protect against cyber intruders
Majority of cyberattacks are through third-party vendors
Cyberattack roundup: Ransomware hits Georgia hospital and Colorado pathology services
Google sets mandatory MFA deadline for all cloud accounts

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Karlina Tjoa of the Singapore Ministry of Health's Office of Healthcare Transformation_HIMSS24 APAC
Singapore develops mobile mental health app
Will Cantrell at InteliChart_Exploding electric bulb Photo by tiero/iStock/Getty Images Plus
Long-term care and the role of communication and admin processes
Janice Reese at FAST_Healthcare Cybersecurity Forum 2024
How the federal FHIR draft plan is prioritizing patient empowerment
John Saran at Holland & Knight_Modern office buildings in London Photo by Tim Grist Photography/Moment/Getty Images
PE and healthcare investment: What's next for 2025

More Stories

Doctor shaking hands with executive
Beyond the logo: The healthcare executive’s guide to creating genuine healthcare technology partnerships
Two staff treating an ICU patient in bed
$2M e-ICU project to be launched in regional Korea
John Saran at Holland & Knight_Modern office buildings in London Photo by Tim Grist Photography/Moment/Getty Images
PE and healthcare investment: What's next for 2025
Capitol rotunda at sunset
Congress releases AI policy blueprint
Epic booth at HIMSS global conference
Epic files to dismiss antitrust lawsuit
Healthcare worker talking to patient
New infusion pumps may help lighten nurses’ workload
Representatives of NUS Medicine, Kailuan General Hospital, Tianjin Medical University, and Tianjin Medical University General Hospital pose after signing their MOU
Chinese hospitals join NUS Medicine's big health...
A doctor and their patient in a video conference with other specialists
Project to launch Vietnam's first AI virtual...