Compact Discs Containing Unencrypted Personal Data Lost During Shipment

Orange County, California’s Medicaid managed care plan company, CalOptima, is under investigation after personally identifiable information of almost 70,000 members is compromised.

Compact discs storing unencrypted personal data, such as medical records, dates of birth and SOcial Security numbers went missing during shipping from a claim-scanning vendor. The packaging was received but the discs that were inside were missing. Although there have been no reports of the information being used inappropriately, the fact that they went missing is enough to cause concern to members who use their services, making them more aware of identity protection services available to them.

This security breach follows a recent law that went into effect last month regarding the security of healthcare information and the public disclosure of any compromised data from organizations and providers. The law, which is part of the Health Information Technology for Economic and Clinical Health Act (HITECH), exemplifies those who use encryption services to notify the public of any immediate breaches. Unfortunately, since the information was sent unencrypted from the original vendor, the situation is under speculation in regards to why the proper precautions were not taken when shipping the compact discs to CalOptima.