Spokane health district apologizes for release of patient data

The disclosed information included COVID-19 test results and hospitalization status, according to the Spokane Regional Health District.

SPOKANE, Wash. — The Spokane Regional Health District is apologizing on Monday after it accidentally disclosed personal health information to a partner agency. 

According to a press release, SRHD discovered the unauthorized disclosure to Northeast Washington Educational Service District 101 on Tuesday, Sept. 8. Recipients included school administrations and nursing staff.

Dr. Bob Lutz, who serves as Spokane County Health Officer, said during a press conference on Monday that the health district has been “working very closely” with school districts over the past few months and “a lot of materials” have gone out to ESD 101 during that time. 

The disclosed information included first and last name; date of birth; gender; address; phone number; race; employer; COVID-19 testing and results; and COVID-19 hospitalization status.

Amelia Clark, who serves as SRHD Administrative Officer, said in the press release that the health district is investigating the incident and will implement corrective actions to prevent unauthorized disclosure of information in the future. 

“We are very sorry to have accidently released confidential information to a partner agency,” Clark said. “We are confident that this agency shares our concern and commitment to safeguard your personal information, yet we will work diligently to ensure that it does not happen again.” 

Those whose information was included in the disclosure have been notified, the press release says. No Social Security numbers or financial information were noted on any of the documents, but those affected are encouraged to monitor their bank accounts and report any suspicious activity immediately. 

Explanation of Benefits (EOB) from insurance companies should also be monitored for possible identify theft activities. 

Lutz said the release of data was retracted within 30 minutes and “only a few people apparently opened it.” He called the accidental disclosure “an unfortunate error.”

Access to this data has always been limited to epidemiologists and diseases investigators prior to the breach, Lutz said. He added that the health district has already implemented additional security measures, such as password protections, to prevent another accidental disclosure. 

SRHD’s HIPAA officer can be reached at 509-324-1439 for any questions or requests for additional information.  

Source Article