A major data breach at the Metro Health Department exposes the confidential information of HIV patients who asked for privacy.
This affects men and women in 13 middle Tennessee counties.
Metro’s health director says an employee copied the data file to a folder accessible by the department and 500 employees can access that folder.
The file contained information like HIV diagnosis, social security numbers and if the patients used illegal drugs.
Metro Health said it sat there for nine months, but no one accessed the file.
“If anybody happened for any reason to take that data, they would be breaking the law and if we are aware of that we will pursue that to the extent allowed by law,” Dr. Sanmi Areola, Director for the Department of Health, said.
Josh Robbins, who learned he had HIV years ago, says he’s upset about the leak. He plans to sue the health department.
“This wasn’t just a simple data breach,”Robbins said. “It was one of the largest if not the largest accounts that data was not protected by the gatekeepers in public health.”
Since being diagnosed with HIV in 2012, Robbins has shared his journey with the public.
His says his info is included in the leaked document:
“I’m hurt at the gross negligence of the health department that they never told us. We shouldn’t be finding out about this from the media. We should have found out from them.
Someone needs to be fired. Someone needs to be held accountable. The entire health department and a full external investigation must happen that tells the real story.
If you think that I trust their version of this, you must not be one of the people like I am whose 35 years of information wasn’t protected in our state because it was included in this data base.”
The employee who made the error was ordered to undergo required training. Areola said the act was not malicious.