Notice of Data Breach at Stanislaus County Behavioral Health and Recovery Services

What Happened? We became aware of this breach on August 29, 2024, which occurred on or about August 19, 2024. On August 29, 2024, members of BHRS's leadership were informed of a potential breach of Protected Health Information (PHI). The report stated that a member brought their Service Verification letter to their treatment program, indicating that the backside included the Service Verification letter for another member.

Following that report, the Compliance/Privacy and Risk Management managers investigated it. The investigation found that an error occurred while printing Service Verification Letters, causing the information for two individuals to be printed on opposite sides of the paper. Those letters were then folded and sent out on August 19, 2024. Based on the investigation, it was determined that this constituted a breach of member PHI.

What Information Was Involved? The letters included the member's first and last name, address, treatment dates, the type of treatment received, and the treatment provider’s name.

What Members Can Do: The breach does not result in potential financial harm, and no additional steps must be taken to protect member financial data. No other potential harm has been identified in response to this incident. All 767 members impacted have been sent a letter detailing this incident.

What We Are Doing: BHRS has been investigating the breach since notification of the breach. BHRS reviewed multiple Service Verification Letter files to identify the scope of the breach and determine if the breach occurred over multiple months. This required manual review to confirm that the files contained no errors. BHRS has also contacted the applicable state oversight agency, the Department of Health Care Service, to report the breach and has been providing updates as more information is found. BHRS is in the process of addressing the incident with the programs responsible for developing the report for printing the letters and printing and mailing the Service Verification letters. The programs have confirmed that this only occurred during the August 2024 printing cycle and that additional measures are in place at this time to protect members’ personal information.

We take our role of safeguarding member personal information seriously. BHRS apologizes to our members for the incident and be assured that we are doing everything we can to rectify the situation.

For More Information: Members can call the toll-free Compliance hotline at (800) 779-1907 with questions or concerns about this incident.