UnityPoint Data Breach (Department Of Health And Human Services, Office For Civil Rights)

Robert Teel filed this request with the Department Of Health And Human Services, Office For Civil Rights of the United States of America.
Status
Rejected

Communications

From: Robert Teel


To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

All records in connection any data breach of Iowa Health System d/b/a UnityPoint Health and its affiliates, including:

(1) the Email Hacking/IT Incident data breach of Iowa Health System d/b/a UnityPoint Health, state of Iowa, covered entity type Business Associate, affecting 16,429 individuals, and reported on 04/16/2018;

(2) the Email Hacking/IT Incident data breach of UW Health, state of Wisconsin, covered entity type Healthcare Provider, affecting 2,036 individuals, and reported on 5/25/2017; and

(3) the Electronic Medical Record Unauthorized Access/Disclosure of UnityPoint Health Affiliated Covered Entity, state of Iowa, covered entity type Healthcare Provider, affecting 1,620 individuals, and reported on 05/11/2016.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Robert Teel

From: Department Of Health And Human Services, Office For Civil Rights

RE: FOIA Request # 2018-01033-FOIA-OS
October 09, 2018
Dear Mr. Teel,
Good morning and thank youfor your email.  The HHS FOIA office has not yet received any responsiverecords pertaining to your FOIA request.  I have reached out to theappropriate program office to ascertain an estimated date of completion for therecords search.  I do apologize for the delay and hope to have an updatesoon.  Thank you and best regards.
Sincerely,
Natasha Taylor
Government Information Specialist

From: Robert Teel

Dear Ms. Taylor,

Please provide the documents or a status report on this request. Thank you for your consideration.

Sincerely,
Robert Teel

From: Robert Teel

Hello Again Ms. Taylor. I wanted to let you know I had a conversation with someone named Andra [sic] at the Department Of Health And Human Services, Office For Civil Rights asking me to re-submit this request and telling me she had closed the file because "I have no obligation to search for affiliates." As I informed her, I want the entire file on each of the data breaches set forth below pursuant to the Freedom of Information Act, including any records of affiliates that are in the referenced file. I am not asking anyone to search for other affiliates' data breaches, but rather provide the file for the breaches requested, including any records that are in those files pertaining to affiliates. Please not there has been an additional data breach affecting 1.4 million persons reported on 7/30/18 for which I am requesting records in addition to the three data breach incidents previously asked for. According to Andra's [sic] instructions to resubmit the request, pursuant to the Freedom of Information Act I hereby request the following records:

All records in connection any data breach of Iowa Health System d/b/a UnityPoint Health including records in the files of such data breaches for its affiliates or in the files for the data breaches set forth below), including:

(1) the Email Hacking/IT Incident data breach of Iowa Health System d/b/a UnityPoint Health, state of Iowa, covered entity type Business Associate, affecting 1,421,107 and reported on 7/30/2018;

(2) the Email Hacking/IT Incident data breach of Iowa Health System d/b/a UnityPoint Health, state of Iowa, covered entity type Business Associate, affecting 16,429 individuals, and reported on 04/16/2018;

(3) the Email Hacking/IT Incident data breach of UW Health, state of Wisconsin, covered entity type Healthcare Provider, affecting 2,036 individuals, and reported on 5/25/2017; and

(4) the Electronic Medical Record Unauthorized Access/Disclosure of UnityPoint Health Affiliated Covered Entity, state of Iowa, covered entity type Healthcare Provider, affecting 1,620 individuals, and reported on 05/11/2016;

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Robert Teel

From: Robert Teel

Dear Ms. Taylor,

I just spoke with Andra Wicks who was quite exorcised and hung up on me. However, I gleaned from my "conversation" with her that there is some confusion in the communication because there are two email chains going on with requests: FOIA Requests 2018-01033-FOIA-OS and 2018-01056-FOIA-OS. Unfortunately, I can't tell which is which.

I see that Ms. Wicks has indeed contacted me by email on 10/30/18 and 11/8/18 on this email string. I returned her call per her request on 11/16/18. We then played phone tag until today when she hung up on me without getting to the bottom of where things stand.
You wrote me on June 13, 2018 to let me know, "Please be advised that your June 04, 2018 request is duplicative of your May 28, 2018 request; therefore, we are closing the file for 2018-01056-FOIA-OS. You will receive all requested records, if they exist, under FOIA Request # 2018-01033-FOIA-OS."

I then wrote you in connection with this email string, the one commencing on June 4, 2018. Am I correct that this is the one that has been terminated and I should use the May 28, 2018 email string? It appears to me that both subjects in the emails refer to 2018-01033-FOIA-OS.

I am sending this message to the other email string as well in hopes that I can clear up the confusion and get the request back on track. Due to the breakdown in communication with Ms. Wicks, I request we deal with this matter in writing.

Thank you for your consideration.
Sincerely,
Robert Teel

Files

There are no files associated with this request.