UnityPoint Data Breach (Department of Health and Human Services)

Robert Teel filed this request with the Department of Health and Human Services of the United States of America.
Tracking #

2018-01033-FOIA-OS

Multi Request UnityPoint Data Breach
Due July 12, 2018
Est. Completion None
Status
Awaiting Response

Communications

From: Robert Teel


To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

All records in connection any data breach of Iowa Health System d/b/a UnityPoint Health and its affiliates, including:

(1) the Email Hacking/IT Incident data breach of Iowa Health System d/b/a UnityPoint Health, state of Iowa, covered entity type Business Associate, affecting 16,429 individuals, and reported on 04/16/2018;

(2) the Email Hacking/IT Incident data breach of UW Health, state of Wisconsin, covered entity type Healthcare Provider, affecting 2,036 individuals, and reported on 5/25/2017; and

(3) the Electronic Medical Record Unauthorized Access/Disclosure of UnityPoint Health Affiliated Covered Entity, state of Iowa, covered entity type Healthcare Provider, affecting 1,620 individuals, and reported on 05/11/2016.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Robert Teel

From: Department of Health and Human Services

RE: 2018-01033-FOIA-OS Dear Mr. Teel: This is in response to your Freedom of Information Act (FOIA) request, dated: May 29, 2018, concerning any data breaches of Iowa Health System d/b/a UnityPoint Health and its affiliates. We received your request on
May 29, 2018 and have begun processing your request.  Please see attached for additional information.  Thank you and best regards.
Sincerely,
Natasha Taylor
Government Information Specialist
Main Office Line:  202-690-7453

From: Department of Health and Human Services

RE: 2018-01033-FOIA-OS Dear Mr. Teel: This is in response to your Freedom of Information Act (FOIA) request, dated: May 28, 2018, concerning Iowa Health System d/b/a UnityPoint Health and its affiliates. We received your request on
May 29, 2018 and have begun processing your request.  Please see attached for additional information.
Sincerely,
Natasha Taylor
Government Information Specialist
Main Office Line:  202-690-7453

From: Department of Health and Human Services

RE: 2018-01056-FOIA-OS
Dear Mr. Teel:
This is in response to your Freedom of Information Act (FOIA) request, dated: June 04, 2018, concerning any data breach of Iowa Health System d/b/a UnityPoint Health and its affiliates. We received your request on
June 04, 2018 and have begun processing your request.  Please see attached for additional information.
Sincerely,
Natasha Taylor
Government Information Specialist
Main Office Line:  202-690-7453

From: Department of Health and Human Services

RE: FOIA Request # 2018-01056-FOIA-OS
June 13, 2018
Dear Mr. Teel,
This communication is regarding your FOIA request for records concerning "any data breach of Iowa Health System d/b/a UnityPoint Health and its affiliates."  On 05 June, I transmitted communication acknowledging your request that was assigned the above-referenced case number.
Please be advised that your June 04, 2018 request is duplicative of your May 28, 2018 request; therefore, we are closing the file for 2018-01056-FOIA-OS.  You will receive all requested records, if they exist, under FOIA Request # 2018-01033-FOIA-OS.  Thank you and best regards..
Sincerely,
Natasha Taylor
Government Information Specialist
202-691-2067

From: Department of Health and Human Services

Mr. Teel,

I am the FOIA Processor for your request of the Office for Civil Rights for documents related to Iowa Health System, UW Health state of Wisconsin, and Unity Point Health. I need to speak with you regarding your request. Please call me at 202-774-3081. I do not have a phone number for you and it would help tremendously if we could communicate by phone. Thank you.

Andra Wicks
Health Information Privacy Specialist
Office for Civil Rights
Department of Health and Human Services

From: Department of Health and Human Services

Mr. Teel,

This is my second request for you go get in touch with me. I am the FOIA Processor for your request of the Office for Civil Rights for documents related to Iowa Health System, UW Health state of Wisconsin, and Unity Point Health. I need to speak with you regarding your request. Please call me at 202-774-3081. I do not have a phone number for you and it would help tremendously if we could communicate by phone. Thank you.

Andra Wicks
Health Information Privacy Specialist
Office for Civil Rights
Department of Health and Human Services

From: Robert Teel

Hello Andra,

I just called and left a message. My phone number is 718-570-7509. I look forward to connecting soon.

~ Robert Teel

From: Robert Teel

Hello Ms. Taylor. I wanted to let you know I had a conversation with someone named Andra Wicks at the Department Of Health And Human Services, Office For Civil Rights on or about Friday, 11/16/18 asking me to re-submit this request and telling me she had closed the file because "I have no obligation to search for affiliates."

As I informed her, I am seeking the entire file on each of the data breaches set forth below pursuant to the Freedom of Information Act, including any records of affiliates that are in the referenced file. I am not asking anyone to search for other affiliates' data breaches, but rather provide the file for the breaches requested, including any records that are in those files pertaining to affiliates. Please not there has been an additional data breach affecting 1.4 million persons reported on 7/30/18 for which I am requesting records in addition to the three data breach incidents previously asked for. According to Andra's [sic] instructions to resubmit the request, pursuant to the Freedom of Information Act I hereby request the following records:

All records in connection any data breach of Iowa Health System d/b/a UnityPoint Health including records in the files of such data breaches for its affiliates or in the files for the data breaches set forth below), including:

(1) the Email Hacking/IT Incident data breach of Iowa Health System d/b/a UnityPoint Health, state of Iowa, covered entity type Business Associate, affecting 1,421,107 and reported on 7/30/2018;

(2) the Email Hacking/IT Incident data breach of Iowa Health System d/b/a UnityPoint Health, state of Iowa, covered entity type Business Associate, affecting 16,429 individuals, and reported on 04/16/2018;

(3) the Email Hacking/IT Incident data breach of UW Health, state of Wisconsin, covered entity type Healthcare Provider, affecting 2,036 individuals, and reported on 5/25/2017; and

(4) the Electronic Medical Record Unauthorized Access/Disclosure of UnityPoint Health Affiliated Covered Entity, state of Iowa, covered entity type Healthcare Provider, affecting 1,620 individuals, and reported on 05/11/2016;

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Robert Teel

From: Robert Teel

Dear Ms. Taylor,

I just spoke with Ms. Andra Wicks again who was quite exorcised and hung up on me. However, I gleaned from my "conversation" with her that there is some confusion in the communication because there are two email chains going on with requests: FOIA Requests 2018-01033-FOIA-OS and 2018-01056-FOIA-OS. Unfortunately, I can't tell which is which because the subject matter of both email strings refers to the 2018-01033-FOIA-OS request (see June 4, 2018 email correspondence). So, I will refer to them as the May 28, 2018 request and the June 4, 2018 request.

I see that Ms. Wicks has indeed contacted me by email on 10/30/18 and 11/8/18 on this May 28, 2018 email string. I returned her call per her request on 11/16/18. We then played phone tag until last week, and then today when she hung up on me without getting to the bottom of where things stand.

You wrote me on June 13, 2018 to let me know, "Please be advised that your June 04, 2018 request is duplicative of your May 28, 2018 request; therefore, we are closing the file for 2018-01056-FOIA-OS. You will receive all requested records, if they exist, under FOIA Request # 2018-01033-FOIA-OS." Can you confirm that it is the June 4, 2018 that is closed? The last correspondence on the June 4, 2018 string is from you and is dated 10/9/18.

I am sending this message to theJune 4, 2018 email string as well in hopes that I can clear up the confusion and get the request back on track. Due to the breakdown in communication with Ms. Wicks, I request we deal with this matter in writing. Per Ms. Wicks request from 11/18/18, I have resubmitted the request as set forth above. Please inform me at your earliest convenience if I need to take any other action.

Thank you for your consideration.

Sincerely,
Robert Teel

Files

pages

Close