HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

6,450 Prairie Fields Family Medicine Patients Notified About Email-Related Privacy Breach

Prairie Fields Family Medicine in Fremont, NE, is alerting 6,450 patients that some of their protected health information was contained in an unencrypted spreadsheet that was inadvertently sent to the wrong email recipient.

The email was sent on October 1, 2018, and the error was discovered the same day. Prairie Fields Family Medicine has made multiple attempts to contact the owner of the email account to ensure the spreadsheet is securely deleted but, so far, no response has been received.

The lack of contact has led Prairie Fields Family Medicine to believe the email account is no longer in use and has been abandoned, although the possibility remains that the spreadsheet has been opened and patient information has been compromised.

The spreadsheet did not contain any financial data or health information typically contained in medical records. The breach was limited to patients’ first and last names, birth date, telephone number, first language spoken, sex, race, and, for certain patients, primary and secondary health insurer information, including providers’ names and account numbers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

All affected patients have been notified of the breach by mail and the Department of Health and Human Services’ Office for Civil Rights has been informed.

Prairie Fields Family Medicine has not received any information to suggest any patient health information has been accessed or misused, but since insurance information has potentially been compromised, affected patients have been advised to check their explanation of benefits statements for suspicious activity.

The privacy breach has prompted Prairie Fields Family Medicine to put additional controls in place to prevent further impermissible disclosures of patients’ protected health information.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.