News Feature | May 20, 2016

Data Breach Affecting 59K Announced By Ohio Mental Health Department

By Megan Williams, contributing writer


The Ohio Department Of Mental Health And Addiction Services (OhioMHAS) has announced a wide-reaching breach to affected patients. While this breach was not directly related to IT services, it does highlight the importance of being aware of organizational uses of data overall, and not only in the electronic realm.

According to this press release, a postcard was sent to mental health services consumers listing an invitation to participate in a satisfaction survey. The department discovered that the mailing had resulted in the disclosure of PHI on February 25, 2016. Released information included the full name and address of patients. Social security numbers and other information were not released.

Additionally, the postcards did not include information concerning the recipient’s mental health conditions or any services they might have received. The mailing constituted a violation because the survey should have been mailed in sealed envelopes to prevent association of the survey with the recipient.

The survey is conducted annually by OhioMHAS and requests direct feedback around treatment experiences. Responses are used to build quality improvement initiatives and satisfy reporting requirements under the federal Mental Health Block Grant.

Since the violation was discovered, reviews of previous surveys have been conducted, and it has been found that the postcards have been sent out before. The total impact included 59,000 individuals. To help rectify the situation, OhioMHAS is reviewing its internal processes, including the consumer outreach and data use policies, as well as training for all staff members in the department.

Agency director Tracy Plouck responded, “OhioMHAS takes very seriously its commitment to the privacy and protection of people receiving mental health treatment. We regret this situation and any concern it may cause, and we are committed to diligently safeguarding consumer information moving forward.”