The Georgia Department of Human Services has revealed that employees in Augusta, GA improperly shared of confidential case files that geld the healthcare records of individuals who received services from the Division of Family & Children Services (DFCS) before June 12, 2017 and people who received services from the Division of Aging Services (DAS) before 2017.
After being warned about the incident, swift action was taken to recover the boxes to prevent them from being accessed by unauthorized people. The Georgia Department of Human Services does not think that the files were accessed by unauthorized individuals during the time the files were left unsecured. All impacted patients are being made aware of the breach and policies and procedures are being reviewed to prevent similar incidents going forward.
According to the breach summary published on the HHS’ Office for Civil Rights breach portal, the files contained the records of up to 500 people.
Meanwhile, NeoGenomics is contacting 911 patients to inform them that a portion of their PHI may have been been accidentally shared to an unauthorized person.
On January 28, an employee was speaking to a patient about completing and returning a form to NeoGenomics and accidentally attached and sent the incorrect Excel spreadsheet. The spreadsheet sent to the patient included data of patients who had laboratory tests carried out between January 2018 and October 2019.
The spreadsheet included patients’ first and last names, dates of birth, and the name of the tests completed by NeoGenomics. The results of the tests were not listed on the spreadsheet and no other information was impermissibly shared. The mistake was reported to NeoGenomics by the patient, who confirmed in writing that the spreadsheet has been removed.
As a precautionary measure, NeoGenomics has offered impacted individuals free credit monitoring services. NeoGenomics reports that the individual who made the mistake and has retrained and the workforce has been told to review documents and spreadsheets to ensure they are proper before being sent over email.