Division of Aging Services notifies 3,000 clients of data breach

July 24, 2015

ATLANTA – Georgia’s Department of Human Services Division of Aging Services has notified approximately 3,000 clients in the Community Care Services Program of an unauthorized disclosure of their protected health information.
The Department has identified the root cause of the issue, which involved the inadvertent disclosure of certain health diagnoses of affected program participants through an email to a contracted provider, and resolved it.

No other personal information—social security numbers, Medicaid numbers, dates of birth, or contact information—was disclosed.

“While we are confident that this data breach was limited in nature and resolved almost immediately, we are obligated to ensure that our clients and the public can trust the integrity of our programs,” said Georgia’s Human Services Commissioner Robyn A. Crittenden. “We take client privacy very seriously, and it is important that the public is fully aware of this situation and aware of our efforts to prevent such an event in the future.”

To protect against future disclosure of protected health information, the Department has installed additional safeguards in Division of Aging Services programs. All Department staff will undergo additional training on privacy standards.
The Community Care Services Program (CCSP) is a state program that helps people at risk of nursing home placement to remain in their communities. CCSP is managed by the Department of Human Services Division of Aging Services in partnership with Georgia’s 12 Area Agencies on Aging.

Affected clients have been notified of the breach in accordance with federal policy.
Individuals with questions or concerns about the data breach can contact the agency by email at HIPAADHS@dhs.ga.gov (please include CCSP in the subject line) or call 1-844-MYGADHS (1-844-694-2347) and select option 4.