Six months passed after the Douglas County Department of Health and Human Services uncovered an employee's unauthorized access to HIPAA information before the incident was disclosed to the public. This delay raises significant concerns about how health departments manage sensitive data and their accountability in safeguarding it.
Police Chief Paul Winterscheidt confirmed that although the investigation revealed unauthorized access to HIPAA information, it was unlikely that this information was shared further. However, the lack of criminal charges highlights potential weaknesses in the accountability of individuals within health departments.
The county's notification revealed that letters were sent to 316 impacted individuals, yet the number of those affected remains unclear. This inconsistency in communication from the county raises concerns about transparency and the effectiveness of their breach notification process.
Questions regarding the duration of the unauthorized access's detection—from August 2022 to May 2024—remain unanswered, prompting inquiries about the security measures in place, or lack thereof, to prevent such breaches.
Collection
[
|
...
]