KHPA informing consumers of an alleged loss of data CD

[Dissent <Dissent () pogowasright org>]

Sounds more like data misplacement than loss, and wouldn't post it to 
DL at this time, unless you want to...?  Giving you the whole 
article, because as I read it, it seems like overkill...?  Don't even 
have numbers...

http://www.49abcnews.com/news/2007/mar/23/khpa_informing_consumers_alleged_loss_data_cd/


The Kansas Health Policy Authority (KHPA) began notifying a small 
number of individuals that a computer disk containing information 
about their health records and identity may have been lost within the 
agency. A letter sent to the affected individuals should be received 
in the mail Friday.

The password-protected disk was mailed to the KHPA by a company that 
helps process information about people receiving benefits. KHPA did 
receive the package with the disk, but the disk did not reach the 
person who was supposed to receive it. There is no evidence that the 
disk went beyond our office, the password was broken, or any 
information was taken off the disk.

"The security of our customers' personal information is a serious 
matter and of the utmost concern to KHPA. We will continue to 
investigate this incident, and we have begun to further strengthen 
our standards of security," said Marci Nielsen, PhD, MPH, Executive 
Director of KHPA. "At this point, we have no reason to believe the CD 
has been taken for anyone's personal gain through use of the personal 
information contained on the CD."

The KHPA's offices are secure. Employees and visitors must enter with 
a pass key or pass by a receptionist. Visitors are always escorted.

KHPA is taking every step to ensure that individuals' information is 
kept private and is not compromised Friday and in the future. KHPA 
has conducted its own investigation, and as a result, is changing how 
it manages mail and other processes. Even though KHPA has a privacy 
officer, the agency will hire an additional person to help protect 
the privacy and security of customers' information.

"The Board's Executive Committee was informed of this issue once we 
became aware of the situation. As an added precaution, I asked the 
Kansas Attorney General and the Kansas Bureau of Investigation to 
conduct an investigation. Their findings support our belief that the 
disk has been lost within the agency, and it is nothing more than 
simple human error," said Nielsen.

Although KHPA does not believe someone outside the office has gained 
access to the information on the disk, the letter sent to individuals 
today includes steps as to what they can do to protect their private 
health and identity information.

For individuals who have been affected by this lost data disk, a 
support line has been established at 785.296.3981. As a precaution, 
individuals who call for additional information will be asked to 
provide the customer identification number listed on the letter.

--
Main site: http://www.pogowasright.org
Main RSS feed: http://www.pogowasright.org/backend/pogowasright.rss
Breaches RSS feed: http://www.pogowasright.org/backend/breaches.rss 

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 158 million compromised records in 601 incidents over 7 years.