The Ohio Department of Mental Health and Addiction Services said it plans to change the way it sends out its customer survey cards after a data breach.
The breach involves people who received cards over the past five years.
The problem, according to the state, involved the "unauthorized disclosure of some of your child's Protected Health Information (PHI).”
That's forbidden under federal privacy laws called HIPPA.
This mistake doesn't sit well with Terry Russell, the Executive Director of the National Alliance of Mental Illness of Ohio.
He said news like this could cause people to not seek help.
“We have a number of people will not seek treatment because of the stigma associated with it,” he said.
According to OhioMHAS, "The postcards did not include social security numbers or other information which could lead to potential identity theft, and did not include any specific information about the recipient's mental health condition or services received."
Still, Russel said the breach is concerning.
“Anytime there is a breach in health care it's serious,” he said.
In a statement the agency's director Tracy Plouck said: “OhioMHAS takes very seriously its commitment to the privacy and protection of people receiving mental health treatment. We regret this situation and any concern it may cause, and we are committed to diligently safeguarding consumer information moving forward.”
The state says it's been sending the exact same survey cards for the past four years, and no one at the agency raised concerns despite receiving yearly HIPPA training, according to a spokesperson.
The agency said the issue came to their attention for the first time when a parent called out of concern.
Russel said he understands mistakes happen, and believes the agency will correct it.
“We have to fix it and the department says it will fix it,” Russell said.
The state has set up a phone number for people who have questions about the survey cards: 1-855-691-3339.
The state says from now on, the surveys will be sent in sealed envelopes.