There has been a potential breach involving Medicaid Beneficiary’s Personal Health Information data. On July 6, 2021, Patient data was sent via email to a new Medicaid Care Manager without being encrypted first, which is a way of securing information so that no one but the intended recipient can access it. This was the result of a simple error, and not any malicious act.
The data did go to the correct recipient via email, but it was not secured first, which is a violation of the HIPAA act. The likelihood of this data being intercepted by anyone but the intended recipient is low, but Hot Springs Health Program feels that you have the right to know that this occurred, and what data was included.
The data in question was a spreadsheet that may have had your name, date of birth, and Medicaid ID number on it. No other Personal Health Information was transmitted.
The recipient of the email immediately and permanently deleted it, and HSHP then encrypted and resent the email in the proper, secure manner. However, due to the nature of email, there is a remote possibility that someone could have improperly accessed that data.
We apologize for this incident, and hope you will continue to trust us with your health care needs, as we always do our best to protect your personal information.
Thank you for your understanding,
Hot Springs Health Program