HomeMy WebLinkAbout20101335.tiff STATE OF COLORADO
GOVERNOR'S OFFICE OF INFORMATION TECHNOLOGY
•
601 East 18th Avenue,Suite 250 G•)r
Denver,Colorado 80203 • ..
Phone(303)764-7700
Fax(303)764-7725
www.colorado.gov/oit Bill Ritter,Ir.
Governor
Leah Lewis
Acting State Chief Information Officer
June 17, 2010
Dear Board of Commissioners:
This is to make you aware of a security incident involving data protected under federal law,
specifically the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In mid-May, a
computer was relocated from the Colorado Department of Health Care Policy and Financing (HCPF)
office location to a secured office area at the Office of Information Technology. On June 4th, an
unauthorized removal of the computer's hard drive was discovered, which initiated an immediate
internal investigation. It has been determined that the hard drive contained Protected Health
Information (PHI), including Medicaid and CHP+-related data.
Although the hard drive did NOT contain addresses, dates of birth, social security numbers, or any
other financial information, the data housed on the hard drive is still sensitive and protected.
Therefore, the Colorado Bureau of Investigation (CBI) has been alerted and is conducting a formal
criminal investigation at our request.
Approximately 111,000 affected clients will receive notification by first-class mail, as required by
HIPAA. Information will be posted on the Department of Health Care Policy and Financing's Web site
at Colorado.gov/hcof.
Please forward all media inquiries that you receive to me at 303-764-7709 or at
dara.hessee(thstate.co.us.
The State takes privacy concerns very seriously and is working through all avenues in an attempt to
recover the missing hard drive.
As additional information becomes available, we will keep you informed.
Sincerely,
i0A44
Dara Hessee
Chief of Staff
Office of Information Technology
0 ��� 2010-1335
i,, 1,%•.•, •• •„•• Increasing the effectiveness ofgovernment through information technology
Esther Gesick
From: Vicky Sprague
Sent: Thursday, June 17, 2010 4:38 PM
To: Esther Gesick
Cc: Jennifer VanEgdom
Subject: FW: Message to Boards of Commissioners from OIT
Attachments: Letter to Boards of Commissioners- HIPAA Data Incident.pdf
Esther: Do you need to process this as correspondence,or do you want me to handle?
Jenny: Sending you a copy of my email to Esther so you can watch the process.
Vicky Sprague, Office Manager
Board of Weld County Commissioners
915 10th Street, 3rd Floor
P. O. Box 758
Greeley CO 80632
Telephone: 970-336-7204
Fax: 970-352-0242
vspraque(a,co.weld.co.us
From: Hessee, Dara [mailto:dara.hessee@state.co.us]
Sent: Thursday, June 17, 2010 4:31 PM
To: Hessee, Dara
Subject: Message to Boards of Commissioners from OIT
Please see the attached communication regarding a recent HIPAA data issue.
Thank you,
Dara V. Hessee
Chief of Staff
Governor's Office of Information Technology(OIT)
601 E. 18th Avenue, Suite 250
Denver, CO 80203
Phone: 303-764-7709
Cell: 303-250-2167
Fax: 303-764-7725
Email: dara.hessee@state.co.us
1
Hello