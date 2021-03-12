ELKHORN — Over 900 emails belonging to those who registered for COVID-19 vaccines were accidentally shared with the public.
On March 11, the Walworth County Department of Health & Human Services announced a breach of the Health Insurance Portability and Accountability Act (HIPAA) related to its vaccine registration process.
After an investigation, the department discovered that on three separate dates — Feb. 16, 24 and 25 — emails were sent to a list of those eligible for vaccines.
The email addresses of each registrant were entered into the "to" line of a message, which allowed each recipient to view the addresses of other registrants.
In total, 907 people were impacted.
According to the department, the only data revealed about registrants were their email addresses and the fact that they were eligible to make an appointment for the vaccine.
But the disclosure violates HIPAA's Privacy Rule. Per HIPAA, the department is required to disclose a breach affecting over 500 residents of a state or jurisdiction to both affected individuals and media outlets.
All individuals whose email addresses were inadvertently disclosed have been notified, according to the department.
In the investigation, the department's privacy officer identified two employees responsible for the breach. The officer concluded that the information was unintentionally released.
“Our consumers’ rights to privacy and our adherence to HIPAA is of the utmost importance to us,” said Aaron Winden, the department's supervisor of compliance and medical records. “We will continue to do everything in our power to prevent situations like this from happening in the future.”
The privacy officer retrained the employees suspected of unintentionally causing the breach. Types of breaches, the ramifications of the mistake, and breach prevention were covered by the officer.
All department employees receive annual training on this subject.
The officer, along with the department's IT services, changed Microsoft Outlook to increase the visibility of the blind carbon copy option. One can send an email to addresses entered in the "Bcc" line and the recipients cannot see the other addresses.
Resources and training to public health staff were also administered by the officer. All DHHS employees receive annual training on this subject, so none of it was new information to the identified employees. But they were retrained.
The department is also including a reminder in its monthly internal newsletter reminding everyone agency-wide of the importance of using the “Bcc” line in emails.
It is not believed that residents must take any immediate steps to protect themselves from any additional impact.
Anyone with questions can call 262-741-3400 or visit www.co.walworth.wi.us/304/Health-Human-Services.