Texas Health and Human Services Commission Employees Fired for HIPAA Privacy Rule Violation

by | Jan 26, 2025

The Health and Human Services Commission (HHSC) in Texas discovered multiple agency workers who have violated the HIPAA Privacy Rule. The workers were found to have accessed the information of 61,000 people who acquired agency services with no legitimate work reason and without HHSC’s authorization.

The information impermissibly viewed includes complete names, home addresses, phone numbers, birth dates, Social Security numbers, Medicare and Medicaid numbers, financial data, job details, benefits data, medical insurance data, medical certificates, and other personal data. The types of data viewed differ from one person to another.

HHSC discovered the unauthorized access on November 21, 2024, and conducted an internal investigation, which revealed that the unauthorized access happened from June 2021 to December 2024. HSCC didn’t reveal how many agency workers were involved, why the unauthorized access occurred, how it discovered the privacy violation, or why it took such a long time to know about the unauthorized access.

Because the privacy violations carried on for 3.5 years, it shows that HHSC wasn’t checking access records to determine unauthorized access by workers or that the tracking systems were not useful. HHSC stated that the incident had been reported to the Texas Health and Human Services Office of Inspector General (OIG) and will be investigated, The OIG will also work with prosecutor offices to file criminal charges against the people responsible.

HHSC mailed the notification letters to the impacted people who were instructed to properly evaluate their accounts and statements obtained from their medical care providers, financial organizations, and insurance firms for possible fraudulent transactions and notify them of these suspicious transactions. Individuals who received services with the Supplemental Nutrition Assistance Program (SNAP) were instructed to keep track of fraudulent activity in their Lone Star Card transactions. Investigations are ongoing to know the effect on other HHSC services, and other impacted people that might be identified.

The impacted people were provided free credit monitoring and identity theft protection services. HHSC mentioned that it is improving its internal security settings and is focusing on applying extra fraud prevention procedures, such as improving monitoring and warnings to identify suspicious activity and providing HIPAA training to employees.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy