April 29, 2018
A strange error by the Texas Health and Human Services Commission has seen a former worker sent the PHI of roughly 100 patients after she had been dismissed. She was sent boxes having items that had been gathered from her old desk but was also sent a box of benefits application forms.
After Tracy Ryans, 51, of Houston, was sacked, HHSC posted her two boxes having her private items, which were left on her doorway by the delivery driver. One of the boxes had private stuff that included pens, a coffee cup, and old shoes. The other box had paperwork.
Ryans informed the Texas Tribune that one of the boxes had personal items that didn’t belong to her. They had been taken from a desk she shared with colleagues. The other box was full of paperwork having extremely confidential private information of customers.
The paperwork contained benefits applications that included the Social Security numbers, copies of driver’s licenses, billing statements, and check stubs relating to roughly 100 people. The documents were dated April 13, 2018 – 15 days after Ryans had been sacked.
Ryans got in touch with the Texas State Employees Union to get advice regarding what she must do with the paperwork, after becoming worried that she might be charged with thieving the documents. She was given help returning the paperwork to HHSC.
The reason for Ryans termination after 9 years working for HHSC was a supposed failure to ensure the safety of client information and breaking HIPAA Laws – something Ryans rejects. The posting of PHI to Ryans, who had no legal right to hold the information, would be thought a violation of HIPAA Laws in itself. Nevertheless, at this phase, HHSC has yet to confirm what confidential information was detailed in the documents and whether HIPAA Laws had been unintentionally violated.
The occurrence is currently being investigated by HHSC and the possible secrecy breach has been informed to the Office of Inspector General. If it is established that confidential information was disclosed and HIPAA Laws were violated, steps will be taken to remedy the break and affected people will be informed.
