We are sending this letter as part of KIPDA’s commitment to client privacy and want to make you aware of a possible privacy issue. We recently learned of a security incident that may have involved some personal health information we recently collected to perform services for you or for an individual in your care. KIPDA partners with community providers to support members of our community through the provision of individualized services such as caregiver services, in-home services, and Medicaid Waiver Program services. To perform these services, KIPDA must collect and maintain certain personal health information for the individuals we seek to serve. We want to let you know what happened involving the personal information in our possession, what steps we are taking in response, and how you can protect personal information about you or others in your care.

What Happened. On January 9, 2023, an automobile belonging to one of our employees was stolen from her home, along with the contents, which included some work papers containing personal information. When the automobile was recovered, the work papers were missing. We are notifying you because your information or the information of someone in your care may have been included in the work papers that were in the stolen automobile and could have been viewed or accessed by unauthorized persons as a result of the theft.

What Information Was Involved. The work papers in the stolen vehicle included completed Physician Recommendation forms for Medicaid Waiver services for Kentucky Medicaid program members. The personal information contained on these forms consisted of the following: The Medicaid member’s name, address, phone number, diagnosis or diagnoses, Medicaid Member ID number, a physician’s signature and the physician’s National Provider Number. The information did not include a birth date, social security number, or any financial account information.

What We Are Doing in Response. Immediately upon discovering the automobile’s theft, our employee reported it to the police as well as to KIPDA. KIPDA conducted its own investigation into the incident to identify where we can improve and update physical, technical, and administrative safeguards for our client’s personal information. We provided additional training to our staff on how to protect and secure personal information outside our offices. KIPDA is continuing to review and update our information privacy and security policies and procedures to ensure that we have adequate safeguards in place to protect personal health information.

What You Can Do. We recommend that you review the enclosed “Identity Theft: Helpful Tips and Resources” describing steps you can take to protect personal information, such as regularly reviewing financial and healthcare statements, obtaining and reviewing your free credit report, placing a fraud alert or security freeze on your credit file, and how to create a strong password. It also includes links to state attorney general and federal identity theft resources.

We take the confidentiality of the personal information we collect very seriously and apologize for any inconvenience this incident might cause you. If you have any further questions, please contact me at or call 1-502-714- 5111 (toll free), Monday through Friday from 8 am to 4 pm Eastern Time. Voicemail messages will be returned within two business days.


JoAnna Weiss, MA

Quality Management Planner KIPDA Privacy and Security Officer


(Current as of January 19, 2023)

Credit Reporting Agencies. Contact information for the three nationwide credit reporting agencies is:

Equifax, PO Box 740241, Atlanta, GA 30374,, 1-800-685-1111 (1-800-465-7166 in Canada)

Financial and Healthcare Accounts and Statements. Closely monitor all financial and healthcare accounts including credit cards, checking and saving accounts, 401k retirement funds, Health Savings Accounts, etc., as well as statements related to financial accounts and healthcare services. Contact the financial institution or healthcare provider if you see unauthorized activity or if you see transactions that you do not recognize. Contact your credit card and other financial companies with whom you have relationships to alert them that your identity was compromised and to establish additional security on your personal accounts. Remain vigilant for incidents of fraud and identity theft by reviewing bank account and healthcare statements and monitoring your credit report for unauthorized activity.

Passwords. Use a different, complex 12-character password for each online account. Choose a password that is a combination of both upper- and lower-case characters, numbers, and special symbols (such as $, *, !, #, @). Do not use a password that contains any part of your name, birthdate or Social Security number, your address, or a word that is readily identified with you from online resources such as social media (e.g., pet names, friends and family member names, favorite teams, your profession, employer, etc.). Keep your passwords in a secure location. Passwords kept in your wallet, taped to the back of a device, or stored in unencrypted files on your computer or a mobile device are not secure. Consider using a password manager to record and keep your passwords secure.