ELK GROVE (May 13, 2016) – On April 25, 2016, following an investigation, California Correctional Health Care Services (CCHCS) declared a potential breach of Personally Identifiable Information (PII) and Protected Health Information (PHI) that occurred on February 25, 2016. A staff member’s non-encrypted, password-protected laptop was stolen from their personal vehicle. This laptop may have contained PII and PHI for patients within the California Department of Corrections and Rehabilitation incarcerated between the years 1996 and 2014.
Under current federal regulations, an entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected
health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used, or disclosed as a result of such breach. (See second page attachment for copy of the Privacy Breach Notification Letter.) As we may not have current contact information for all persons potentially affected, we are taking additional steps of awareness including but not limited to a posting to our web site and notification to the media.
“CCHCS is committed to protecting the personal information of our patients,” said Joyce Hayhoe Director of Communications and Legislation. “Appropriate actions were immediately implemented and shall continue to occur. This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated.”
Persons who feel they may have been affected by this potential data breach can contact our department with questions or concerns via the following methods: