The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Mailing Error Sees 1,126 Letters Sent to Patients’ Previous Addresses

Posted By on Jan 26, 2017

A ‘software glitch’ has resulted in billing statements and other communications sent by TriHealth of Cincinnati being mailed to patients’ former addresses. The privacy breach was discovered in November 2016, and impacts 1,126 TriHealth patients.

The glitch caused current addresses to be substituted with former addresses. In some cases, mail may have been forwarded on to the correct address, although TriHealth was unable to determine whether this was the case. Letters have now been mailed to the correct addresses and affected patients have been notified of the error by mail.

The error affected mailings of billing statements, appointment reminder letters, and other correspondence between November 15, 2015 and January 12, 2017 when the error was discovered. Individuals affected by the error had all mailings directed to wrong addresses between those dates.

The types of protected health information contained in the mailings varied from patient to patient. PHI that was potentially exposed was limited to patients’ names, visit dates, descriptions of medical service provided, places of service, financial charges, details of payments and adjustments, account balances, due payments, and details of appointments.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

No insurance numbers, Social Security numbers, credit/debit card information or financial institution information was printed in any of the misdirected letters.

TriHealth has not received any reports to suggest any of the information contained in the letters has been misused in any way. Since the privacy breach only involved a limited amount of data, and the risk of misuse is believed to be low, affected individuals have not been offered credit monitoring or identity theft protection services. They have been advised that they are entitled to obtain a free annual credit report from credit reporting companies and can check for suspicious credit activity.

The software error has now been fixed and affected patients have had their addresses corrected in TriHealth’s computer system.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist