The New Mexico Human Services Department (HSD) is notifying approximately 9,600 Medicaid members about a data breach that occurred March 20 when a laptop containing their personal health information was found in the trunk of a stolen car in Chicago.
The laptop was in the car of an employee of West Monroe Partners, a subcontractor for DentaQuest, which processes claims and provides dental benefits for New Mexico's Medicaid program. West Monroe is headquartered in Chicago.
The laptop contained patient information, including name, health plan identification number (which in some cases is the individual's Social Security number), and a provider identification number (but not the name of the provider). The computer was password-protected but otherwise did not have safeguards to prevent unauthorized access to the information, according to the HSD.
A police report on the theft was filed, and DentaQuest contacted the HSD about the matter on April 9. As of May 11, the stolen car and laptop still had not been recovered.
"DentaQuest contacted us because they knew this computer had this information on it and that the laptop was in the vehicle," said Betina Gonzales McCracken, a spokesperson with the HSD. "We don't know if anyone has accessed this information, but do know that the information was on the computer."
HSD said it takes unauthorized disclosures of protected health information very seriously and has launched an investigation into the incident. It is working closely with its health plan partners that administer the Salud Medicaid Plan -- Blue Cross and Blue Shield of New Mexico, Lovelace Health Plan, Molina Healthcare, and Presbyterian Health Plan -- to ensure that they and all subcontractors develop appropriate security measures to eliminate incidents of this kind from occurring in the future, according to McCracken.
"DentaQuest is cooperating with its New Mexico clients and the State of New Mexico to assist members affected by a security breach involving potentially exposed personal health information," the company said in a statement emailed to DrBicuspid.com. "The security of our clients’ members is our first priority, and we regret that this incident occurred. DentaQuest has specific policies and procedures in place governing the conduct of employees and vendors that have access to private health information. The importance of these policies and procedures has been emphasized in the wake of this event to prevent such incidents from happening in the future."
The HSD is also encouraging all members to protect themselves by placing a free fraud alert on their credit accounts. In addition to sending member notification letters, HSD has set up a toll-free call line through DentaQuest, 877-453-8424, to take questions from individuals who may have been affected by this incident.
Notification of the breach is also being reported to the U.S. Department of Health and Human Services, pursuant to HIPAA regulations.
Copyright © 2010 DrBicuspid.com
