The state Department of Health and Human Services sent private patient information to adult care homes by unencrypted email last year.
The security lapse involved 12,731 Medicaid patients living in adult care homes. On Nov. 30, an employee sent an unencrypted email that included patient names, Medicaid numbers, and the homes where the patients resided. The department notified the U.S. Health and Human Services Office of Civil Rights, and sent letters to patients and their guardians, DHHS said in a statement.
After the lapse, DHHS changed its procedures, using identification numbers in place of names and Medicaid numbers, a department spokeswoman said.
The department said there is no indication the information was intercepted and “has no reason to believe the information was compromised in any way,” the statement said.
Sign Up and Save
Get six months of free digital access to The News & Observer
DHHS has recommended recipients take anti-fraud measures such as putting alerts on their credit files and watching bank and credit card statements for unauthorized activity.
DHHS had a similar security lapse in 2015 involving about 1,600 Medicaid patients when it sent an unencrypted email to Granville County.
In 2013, the department send about 49,000 children’s Medicaid cards, containing Medicaid identification numbers and birth dates, to the wrong addresses.