Welcome to Skagit County

NOTICE OF HIPAA BREACH

As originally reported by Skagit County in a November 16, 2011 press release on September 14, 2011, a scanned file of Skagit County Public Health Department receipts for services of 1,581 clients was inadvertently placed on a public web server and picked up by a Google web crawler. These receipts were only for services received between January and September of 2011, and contained the first and last names of patient, the health service received, procedure and diagnostic codes, date of payment, and in cases where patient paid with credit or debit card, the last 4 digits of the card. No social security numbers, addresses, or dates of birth were included. The breach was discovered by the County on September 28, 2011. Upon discovering the disclosure, the County took immediate steps to remove the receipts from the public server in order to mitigate harm to individuals, and conducted an investigation into how the breach occurred.

Since this incident, Skagit County has invested significant resources to increase security of protected health information (PHI). These efforts included restructuring medical receipts so that no specific medical information exists and retaining the services of a cyber-liability security expert to conduct a risk analysis of the County’s management of protected health information. As a result of the risk analysis findings, the County has provided security training to staff and installed numerous system and facility upgrades to enhance security. In addition, Skagit County is implementing a continuous risk mitigation process to identify and mitigate further risks to electronic PHI, also known as ePHI.

If you have questions about this breach, wish to see if your name was on one of the receipts, or need additional information, please contact:

Donnie LaPlante
Skagit County Privacy Officer
(360) 419-7602
Toll free: 1-844-419-7602
privacyofficer@co.skagit.wa.us

Skagit County understands the importance of safeguarding our patients’ personal information and takes this responsibility very seriously. We regret that this incident has occurred, and are committed to preventing any future occurrences.