HIV, AIDS Names E-Mailed by Health Dept

[OneFinger]

A highly confidential list of the names and addresses of 4,500 Palm Beach County residents with AIDS and 2,000 others who are HIV positive was e-mailed Thursday to more than 800 county health department employees...

 

"My first reaction is shock and fear," said Plakas, a former HIV specialist for the Centers for Disease Control and Prevention's national AIDS Clearinghouse. "I wish we could say that the stigma attached to HIV/AIDS has faded and disclosing that someone is affected would be the same as any other communicable disease, but that is not the case." (emphasis added my me.)

 

Read the entire article at:

 

http://www.palmbeachpost.com/news/content/news/epaper/2005/02/20/m1a_HIVemail_0220.html

 

In another post there is a discussion about mandatory testing. Confidentiality, the stigma still associated with HIV, and insurance concerns are the main reasons I fully support anonymous testing.

 

Kind of hard for someone to track you down on this e-mail list if you're tested under the name of Mickey Mouse, George Bush, or Bill Clinton. ;-)

[noviceny]

WOW !!!!

 

>If made public, release of the information could have devastating effects on the lives of people with AIDS or who are HIV positive, said Tony Plakas, the executive director of COMPASS, a Palm Beach County gay and lesbian advocacy organization. It also would violate federal patient privacy regulations.<

 

It would also give the people on the list instant millionaire status...can you imagine the lawsuit on this one ?

 

This sounds like one of those "what if" stories that no one really believes can happen

[seaboy4hire]

Just the fact that the names were "accidently" emailed out to other health officals I would think would be breaking that patient privacy issue. I think that either the State of Washington or the city I used to live in and grew up in keeps track of those who are positive but their names are replaced by numbers. Still this is a big issue that could happen in much larger cities like LA, NY, or Chicago.

 

Hugs,

Greg

Greg Seattle Wa [email protected]

http://www.male4malescorts.com/reviews/gregseattle.html

http://seaboy4hire.tripod.com

[buckguy]

Washington State uses "unique identifiers", as does California. New York did this in the past, but I am not sure what they do now. Local health departments may have latitude to do something different for their case files, depending on state laws. A public clinic seeing HIV+ patients would use names (and probably SSNs) as identifiers because of the need to track people over time. Most states have named reporting now; about half the states have always had it. Until now, the argument has always been that jurisdictions with named reporting didn't have breaches of privacy.

[+ deej]

[blockquote]

Health department statistician John W. "Jack" Nolan, who compiles data on HIV/AIDS cases for the county, sent the e-mail containing his monthly cumulative statistics report and inadvertently attached a file[/blockquote]

 

Emphasis mine.

 

People who have access to confidential data should NOT have access to email on the same computer (or login ID). If they have to move to a different computer (or log in with a different ID), with different access rights, human error like this will be eliminated.

 

This is a management issue. Impotent agency management has allowed inappropriate IT policy. Heads should roll, but not the guy who was put in a place where a mistake like this was easy to make and bound to happen.

 

Careless mistakes happen every day. In this case, the careless mistake was an IT management mistake.

[+ deej]

[blockquote]

Health department statistician John W. "Jack" Nolan, who compiles data on HIV/AIDS cases for the county, sent the e-mail containing his monthly cumulative statistics report and inadvertently attached a file[/blockquote]

 

Emphasis mine.

 

People who have access to confidential data should NOT have access to email on the same computer (or login ID). If they have to move to a different computer (or log in with a different ID), with different access rights, human error like this will be eliminated.

 

This is a management issue. Impotent agency management has allowed inappropriate IT policy. Heads should roll, but not the guy who was put in a place where a mistake like this was easy to make and bound to happen.

 

Careless mistakes happen every day. In this case, the careless mistake was an IT management mistake.

[Guest zipperzone]

>[blockquote]

>Health department statistician John W. "Jack" Nolan, who

>compiles data on HIV/AIDS cases for the county, sent the

>e-mail containing his monthly cumulative statistics report and

>inadvertently attached a file[/blockquote]

>

>Emphasis mine.

>

>People who have access to confidential data should NOT have

>access to email on the same computer (or login ID). If they

>have to move to a different computer (or log in with a

>different ID), with different access rights, human error like

>this will be eliminated.

 

INADVERTENTLY?

 

HUMAN ERROR?

 

Give me a break! How can one accidently attach a file to an e-mail?

[+ deej]

>INADVERTENTLY?

>

>HUMAN ERROR?

>

>Give me a break! How can one accidently attach a file to an

>e-mail?

 

Idiot operator mistakes happen EVERY DAY.

 

A friend once asked HR about cashing in her stock options because she was considering leaving that dot-com startup. The HR drone replied, inadvertently copying EVERY EMPLOYEE IN THE COMPANY.

 

Email and confidential data DO NOT MIX well, and SHOULD NOT BE ALLOWED TO MIX. Murphy will see to it that there is a blunder. The more sensitive the data, the more spectacular the blunder.

[OneFinger]

>Give me a break! How can one accidentally attach a file to an e-mail?

 

Well, I don't know for sure what happened but here is what I "suspect" may have happened. (I've done it before but not with any serious consequences.)

 

[li]The guy works on his list, composes an e-mail, attaches the file with all the confidential info.

[li]He clicks on the "To" icon on his e-mail to see a list of people in the address book.

[li]Before he gets a chance to select a specific person, the phone rings and his attention is diverted.

[li]Without realizing it, he accidentally selects "global list".

[li]After the phone call he returns to the e-mail, selects the people to get the e-mail (doesn't see he's accidentally selected "global list"), and sends the e-mail to everyone in the address book. (When this happened to me I sent an e-mail to over 5,000 co-workers in several different states.) [/li]

 

This type of thing happens all the time when responding to e-mail. Instead of selecting "Reply" you accidentally hit "Reply All" and your e-mail reaches more than the intended person. How many times have you accidentally hit "Post Message" when you meant to select "Preview Message"?

 

I totally agree with Deej that this is a result of poor IT policies. I had never thought of restricting e-mail access on the computer with sensitive data. Makes sense.

 

Also, like others have mentioned, there is no nation-wide standard for keeping info for contact tracing. Some states use a number system (but there still has to be a way to relate the number to the actual name). Other states, like Utah, offer anonymous testing where you never have to give a name, ID, or other info. (The state issues you a unique number each time you test and they have no way of knowing your name.)

 

I bet this health department worker is going through pure hell. I don't doubt it was accidental but it was certainly preventable.

[+ glutes]

Why don't we tie 2 stories together...

 

 

OneFinger Thu Feb-17-05 04:48 AM

Charter member

1114 posts Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list

#79794, "Mandatory HIV Testing for Everyone!"

 

 

 

 

 

 

Results of a new national survey of 864 physicians and 1,339 members of the general public revealed that a significant majority of both groups believe that mandatory, federally funded HIV testing would improve the overall health of the U.S. population.

 

Read the whole story at:

 

http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20050216005804&newsLang=en

 

 

Alert Printer-friendly copy | Reply | Reply with quote | Top

[buckguy]

Most people forget to to attach the file and most people hit "reply" instead of "reply to all". The fact of the matter is, it should not have been easy to do any of this, which is deej's point.

 

The survey about testing was a web survey, which is to say that the sampling was worthless and the results meaningless.

[OneFinger]

RE: Letters to HIV+ People

 

Well, since the e-mail of the HIV+ list by the Palm Beach County Health Department, annonymous letters are now being sent to HIV+ people.

 

Three law enforcement agencies have launched a criminal investigation to find out who is sending letters threatening the privacy of the 4,500 AIDS patients and 2,000 people who are HIV-positive in Palm Beach County.

 

One of the recipients of a letter postmarked March 8 told The Palm Beach Post Tuesday, "I'm very upset about this. I've been HIV-positive for a long time and, thankfully, I'm OK, but I'm looking for a job. Who is going to hire me if someone reveals my HIV status? This is a terrible thing."

 

Read the entire story at:

 

http://www.palmbeachpost.com/localnews/content/local_news/epaper/2005/03/16/m1a_aidsemail_0316.html

[Justice]

>>INADVERTENTLY?

>>

>>HUMAN ERROR?

>>

>>Give me a break! How can one accidently attach a file to an

>>e-mail?

>

>Idiot operator mistakes happen EVERY DAY.

>

>A friend once asked HR about cashing in her stock options

>because she was considering leaving that dot-com startup. The

>HR drone replied, inadvertently copying EVERY EMPLOYEE IN THE

>COMPANY.

>

>Email and confidential data DO NOT MIX well, and SHOULD NOT BE

>ALLOWED TO MIX. Murphy will see to it that there is a blunder.

>The more sensitive the data, the more spectacular the

>blunder.

>

 

 

Exactly. A couple of years ago, a layoff notice that should have been GIVEN to an employee that was about to be laid off was accidently e-mailed to the EVERYONE where I work. He had no idea that he was about to be laid off. It was quickly recinded, so he was lucky in that HR's error wound up saving his job. (He still works with us.) The ironic part was that I immediately called HR as soon as I saw the notice. Until I called, they had no idea that it had gone out because they hadn't yet read their own e-mail. :o