What Happened:
On December 10, 2009, Hale Kipa learned that several of its client files and accounts receivable files (hard copy files, not electronic files) had inadvertently been disposed of in a manner that did not ensure the privacy of the information. It had been intended that the files be transferred, by a Hale Kipa employee, from Hale Kipa’s secure on-site storage to Hale Kipa’s secure off-site storage. Instead, they were placed in a trash bin for disposal. Hale Kipa investigated this incident and has determined boxes containing records of some clients in Hale Kipa’s Child and Mental Health Program (“Client Files”) as well as boxes containing some of Hale Kipa’s accounts payable records (“Accounts Payable Files”), may have been inadvertently disposed of in a manner that did not ensure the privacy of the information. This occurred at some between October 23 and December 7, 2009 for the Client Files, and at some time between November 23 and December 7, 2009 for the Accounts Payable Files.
Hale Kipa has attempted to determine the identities of clients whose records are involved, but has been unable to do so. It has determined that the Client Files were only from its Child and Mental Health Program, and that the total number of clients at risk is fewer than five hundred.
Description of Information Involved:
Some of the client files contained Protected Health Information, which is information about the physical or mental health of an individual from which the identity of the individual can be determined. This would include whatever information Hale Kipa had about a particular client, and could include: name, Social Security number, date of birth, home address, account number, disability code, information regarding the health of the individual. If parental information was provided to Hale Kipa, that information was also in the files.
What Are the Risks:
The files may have been destroyed without anyone seeing them; but there was an opportunity for unauthorized persons to access the files. This creates possible risks for clients whose information was involved. The risks include possible identity theft, which would occur if a criminal were to use personal client information, such as name, address, Social Security number, birth date, to apply for credit in the client’s name. There also is a risk that Protected Health Information could be made public.
Steps You Can Take To Protect Yourself:
Although there is no evidence that your personal information was actually accessed, it could have been. Hale Kipa urges you to take routine protective measures against identity theft. These include:
Obtain and carefully review your credit reports. You can order free credit reports from all three of the major credit agencies at http://www.annualcreditreport.com, or by calling 877-322-8228.
Review your bank and credit card statements regularly and look for unusual or suspicious activities.
Contact appropriate financial institutions immediately if you notice any irregularity in your credit report or any account.
For a more detailed list, Identity Theft Checklist: here
What Hale Kipa is Doing to Investigate, Mitigate Losses and Protect Against Further Breaches:
Hale Kipa has made a report of the loss to the Honolulu Police Department and has attempted to determine the names of all clients whose files were involved. It also has conducted an internal investigation to prevent this from happening again and to improve operational procedures for the handling and transport of files containing health and personal information. The individual involved in this incident is no longer employed by Hale Kipa.
Contact Information:
If you have questions or need additional information, please contact:
Janowicz, Director of Quality Improvement & Facilities
Hale Kipa, Inc., (808) 589-1829 x111 or tracy@halekipa.org
|
|
