Community Care Services Program (CCSP) Data Breach FAQs
Community Care Services Program (CCSP) Data Breach FAQs
Who was affected by this breach?
The breach involved approximately 3,000 people enrolled in the Community Care Services Program (CCSP).
What is the Community Care Services Program (CCSP)?
CCSP is a state program that helps people at risk of nursing home placement to remain in their communities. CCSP is managed by the Department of Human Services Division of Aging Services in partnership with Georgia’s 12 Area Agencies on Aging.
How did the breach happen?
The Division of Aging Services inadvertently shared client information with a contracted provider that was not authorized to receive those details. The Division immediately notified the provider. The clinical professionals who received the encrypted email deleted it without accessing the contents.
What information was disclosed?
The information included affected clients’ names, regions, and certain health diagnoses. The disclosure did not include social security numbers, addresses, phone numbers, dates of birth, financial information, or benefits information.
Who received the information in error?
DAS sent the information to the Fuqua Center for Late-Life Depression at Emory University. The Center did not request the information and destroyed it promptly as instructed.
How would I know if I was affected?
Affected clients were notified of the breach in accordance with federal policies for agencies covered by the Health Insurance Portability and Accountability Act (HIPAA). If you did not receive a notice and you are concerned that you may have been affected then you may call 1-844-MYGADHS (1-844-694-2347) and select option 4 for CCSP data breach to confirm if you were affected by the breach.
Will this expose the affected people to any harm?
The breached information was general in nature. The disclosures did not include contact information, dates of birth, financial information, social security numbers, or benefits information.
What will DHS do to prevent this from happening again?
All Department staff will undergo additional training on privacy standards set out by the Health Insurance Portability and Accountability Act (HIPAA). The Department has also begun to require an additional approval procedure for all future disclosures.
Whom can I contact for more information?
Individuals with questions or concerns about the data breach can contact the agency by email at [email protected] or call 1-844-MYGADHS (1-844-694-2347) and select option 4 for CCSP data breach.