UDOH reports Medicaid client data loss

Posted at 3:44 PM, Jan 16, 2013
and last updated 2013-01-16 17:44:49-05

SALT LAKE CITY – The Utah Department of Health says it’s suffered another electronic data problem, this time through a third-party contractor.

In a press release sent Wednesday, UDOH says that Goold Health Systems, a contractor that processes Medicaid pharmacy transactions for the department, misplaced the personal information of around 6,000 Medicaid clients.

UDOH says that a Goold Health Systems employee saved the personal health information on an unencrypted portable USB drive, left UDOH headquarters and lost the device while traveling between Salt Lake City, Denver and Washington, DC.

The misplaced information includes a Medicaid recipient’s name, Medicaid identification number, age (but not date of birth) and recent prescription drug use history.

“There were no Social Security numbers or financial information included in the data, so we believe the potential risk for identity theft is minimal. Further, we have no reason to believe the data were targeted by anyone to be used for malicious purposes,” said UDOH Deputy Director and state Medicaid Director Michael Hales in the press release.

Hales says the department is taking all reasonable precautions to make sure the missing data can’t be used to defraud clients or compromise the Medicaid program. Additionally, the Office of the Inspector General for Medicaid Services has been notified and will be monitoring for suspicious activity.

Medicaid clients whose information was involved will be receiving letters from UDOH within the next couple days.

UDOH Executive Director Dr. David Patton says the department will review Goold Health Systems’ contract and that they expect disciplinary action be taken against the employee who lost the data.

This is not the first time UDOH has faced an electronic data problem with Medicaid clients. In April 2012, tens of thousands of Medicaid clients had their data accessed by hackers who managed to get through a UDOH server’s multi-layered security system.

Data compromised included client names, addresses, birth dates, Social Security numbers, physicians’ names and tax identification numbers.

For more information, Medicaid clients can call 1-800-662-9651 and select option 1 and then option 2, or e-mail