An employee of A Multnomah County Health Department automatically forwarded all emails from county email account to a personal Google email account. The recipient email account is not maintained by the Oregon county. PHI was present on some of the emails. The incident has created a PHI breach.
On November 22, 2016 facility came to know about the incident during an audit. Facility mentioned that it found no evidence of the emails getting misused. It also concluded that personal account had been deleted after the investigation. It is no longer available to the employees.
PHI was present in the email attachments because it was attributed to a member of the Health Department. Potentially affected information included individuals’ names, medical record numbers, prescription numbers, diagnoses, and dates of service. As per the OCR data breach reporting tool, incident affected 1,700 individuals.
Facility also mentioned that there is no presence of any patient’s Social Security number, home address, or phone number.
Multnomah County and the County Health Department are also monitoring any activity involving patient information. It is also taking measures to increase protections of personal information in response to this incident.
“We have policies and procedures for handling personal information which were reviewed with the staff member involved in this incident,” the department explained. “We are also reviewing controls, business practices and policies to increase protections of personal information in response to this incident.”
About Multnomah County:
Around 766,135 residents in the country
Total area of 465 square miles
It includes cities like Fairview, Gresham, Maywood Park, Portland, Troutdale, Wood Village
County Employees number count is 5,600 people
Facility provides Services for seniors and disabled people, animal services, assessment and taxation, bridges, community justice, courts, elections, health, jails, libraries, marriage licenses and passports, school and community partnerships.
Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.