Share this article on:
Prairie Fields Family Medicine in Fremont, NE, is alerting 6,450 patients that some of their protected health information was contained in an unencrypted spreadsheet that was inadvertently sent to the wrong email recipient.
The email was sent on October 1, 2018, and the error was discovered the same day. Prairie Fields Family Medicine has made multiple attempts to contact the owner of the email account to ensure the spreadsheet is securely deleted but, so far, no response has been received.
The lack of contact has led Prairie Fields Family Medicine to believe the email account is no longer in use and has been abandoned, although the possibility remains that the spreadsheet has been opened and patient information has been compromised.
The spreadsheet did not contain any financial data or health information typically contained in medical records. The breach was limited to patients’ first and last names, birth date, telephone number, first language spoken, sex, race, and, for certain patients, primary and secondary health insurer information, including providers’ names and account numbers.
All affected patients have been notified of the breach by mail and the Department of Health and Human Services’ Office for Civil Rights has been informed.
Prairie Fields Family Medicine has not received any information to suggest any patient health information has been accessed or misused, but since insurance information has potentially been compromised, affected patients have been advised to check their explanation of benefits statements for suspicious activity.
The privacy breach has prompted Prairie Fields Family Medicine to put additional controls in place to prevent further impermissible disclosures of patients’ protected health information.