Potential Breach of Patient Health Information

ELK GROVE (March 24, 2017) – On February 9, 2017, following an investigation, California Correctional Health Care Services (CCHCS) sent out 738 notification letters for a privacy breach of Personally Identifiable Information (PII) and Protected Health Information (PHI) that occurred on January 23, 2017. A staff member inadvertently included a non-CCHCS employee email address on an email intended for internal use only, sent through an encrypted email network. CCHCS sent a mitigation email to the unintended recipient requesting they confirm that they did not disclose the email and had deleted it. CCHCS received confirmation of those requested actions from the email recipient.

Under current federal regulations, an entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected
health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used, or disclosed as a result of such breach.

“CCHCS is committed to protecting the personal information of our patients,” said Joyce Hayhoe Director of Communications and Legislation. “Appropriate actions were immediately implemented and shall continue to occur. This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated.”

Persons who feel they may have been affected by this potential data breach can contact our department with questions or concerns:

California Correctional Health Care Services
Controlled Correspondence Unit
PO Box 588500
Elk Grove, CA 95758-8500