Georgia Department of Human Services Division of Aging Services (DAS): Data Breach Presenter: Harold Johnson Acting General Counsel Presentation to: Board.

Presentation transcript:

1 Georgia Department of Human Services Division of Aging Services (DAS): Data Breach
Presenter: Harold Johnson, Acting General Counsel
Presentation to: Board of Human Services
Date: August 26, 2015

2 Table of Contents
Attached are the details of the Georgia Department of Human Services (DHS) June 8, 2015 data breach, presented as follows:

Topic/Content                                        Slides
Breach Incident Details                              5
Mitigating Factors                                   6
Mitigation After the Breach                          7
Notification by DHS                                  8
Feedback After Public Notice                         9-10
Agency Action to Correct and Prevent Future Breaches 11-12

3 Vision, Mission and Core Values
Vision
Stronger Families for a Stronger Georgia.
Mission
Strengthen Georgia by providing Individuals and Families access to services that promote self-sufficiency, independence, and protect Georgia's vulnerable children and adults.
Core Values
–Provide access to resources that offer support and empower Georgians and their families.
–Deliver services professionally and treat all clients with dignity and respect.
–Manage business operations effectively and efficiently by aligning resources across the agency.
–Promote accountability, transparency and quality in all services we deliver and programs we administer.
–Develop our employees at all levels of the agency.

4 Definitions
CCSP = Community Care Services Program – Home & Community Based Medicaid waiver program under 1915c
HIPAA = Health Insurance Portability and Accountability Act – federal regulations for the protection of PHI
PHI = Protected Health Information – an individual's sensitive health records and private information

5 Incident Details
Date of the Incident: June 8, 2015
Date Incident Discovered: June 9, 2015
What Occurred:
–CCSP State Office staff member sent an email to a vendor which included a spreadsheet with PHI (medical diagnosis) for almost 3000 CCSP participants.
How Discovered:
–That staff member sent a message to her Manager after she sent the email asking if what she had done was alright. Her manager contacted the Director of the Division of Aging Services.

6 Mitigating Factors:
This was not the result of a system hack or malicious attack on database.
The information in the spreadsheet did not contain data that is commonly associated with identity theft.
–It did not contain social security numbers, dates of birth, Medicaid numbers, or contact information.
Staff did not hide information or try to evade detection of incident.

7 Mitigation after breach:
On June 9th, DHS Associate General Counsel contacted the three individuals at the vendor and instructed them to delete the email, delete any copies or versions of the data, to report if that data had been used or shared in any manner, and to respond when those steps were complete.
The three individuals responded and each attested that the information was deleted and not saved or shared in any manner.
DAS believes these statements to be credible and that the vendor has taken the required steps to prevent harm to the constituents.

8 Notification by DHS
Pursuant to federal HIPAA regulations for incident notification:
–Letters were mailed to all named individuals
–Press release made statewide regarding incident
–Information links provided on DHS and DAS websites
–Metro Atlanta phone number provided for inquiries in addition to the DHS toll free number
–DHS email address provided for inquiries

9 Feedback after public notice
Public Responses to notice:
–3 inquiries by email
–51 inquiries by phone
–50 letters were “returned to DHS” for incorrect address

10 Feedback after public notice
Department Responses to Public
–OLAC handled media inquiries
–All inquiries have had timely response
–All returned letters were given to CCSP to follow up on and re-send with correct address
–Notice posted on home page of DHS website

11 Agency Action to Correct and Prevent
Data Breach Task Force
–To create Department standards to minimize the risk of future breaches
–If breach does occur, to have standards for rapid response and minimized exposure
–To create policy for timely compliance with all HIPAA and other reporting requirements

12 Agency Action to Correct and Prevent
DHS Department-wide HIPAA training
–Updated training is required for all staff by Dec. 31, 2015.
–First group of training with DAS was completed by June 30, 2015 with all DAS employees.
Updated policies
–DAS: All “data” sharing must be reviewed and must complete approval process which includes a review by the Division Director or his delegate.

13 Questions

