In supporting information regarding a bill, DSS sent OPM information on up to 8,500 clients who receive medications from DSS. The information, with client numbers but no names or Social Security numbers, was then sent to legislators, legislative staff, and organizations involved in administering medications to DSS clients. The client numbers should not have been shared with OPM and DSS is investigating whether this constitutes a breach of HIPAA; currently it is labeled an unauthorized disclosure of information. DSS and OPM issued a statement about the error and are working with the Attorney General’s office. They have notified recipients of the information and are working with them to discard the data. The bill in question would allow unlicensed home health aides, under a nursing supervisor, to administer medications to people in state home health programs. This latest release of sensitive patient information highlights the need for strong privacy and security protections for medical records. For a list of breaches of sensitive information reported to the federal government affecting over 500 people, click here.