A folder containing personal information of 620 patients from the Indian Health Service Rosebud Service Unit was quickly recovered after being left in a public area at the IHS Rapid City Service Unit, according to a news release.
IHS officials discovered the folder filled with classified information that included names, Social Security numbers and U.S. Department of Veterans Affairs enrollment information that had been accidentally left behind on May 30 by an IHS employee.
A letter was sent on July 16 to everyone whose information was compromised to inform them of the privacy breach and to issue an apology, the release stated.
William Bear Shield, the chairman of the Rosebud Sioux Tribal Health board and a veteran of Desert Storm, said Friday he was one of the 620 patients whose information was compromised.
He spoke to many other veterans about the privacy breach, he said. The most common question he heard and the one he wants answered is: "Why was that information in Rapid City to begin with?
"I represent a community in Gregory County, 90 miles east of Rosebud, so what was my information doing up there?" He said. "Why was it in possession of an individual in Rapid City?"
Bear Shield said he asked employees at the Rosebud Service Unit why information was in Rapid City, but he said no one would give him a straight answer.
In accordance with Health Insurance Portability and Accountability Act (HIPAA) regulations, an investigation was conducted, the release stated. It appears that none of the information was accessed or used by any unauthorized individuals, according to the release.
Bear Shield received the letter that he said offered one year of free credit monitoring, but he still has concerns about his identity being compromised.
"How can I know if someone didn't find that information and write down my Social Security number and just wait a year before using it?" he asked.
Representatives from IHS could not be reached Friday for comment.
To prevent future occurrences, all IHS staff in the Great Plains Area will receive additional training in HIPAA privacy and security rules, according to the release.