HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

American Indian Health & Services and Madison Parish Hospital Discover Impermissible PHI Disclosures by Employees

American Indian Health & Services, the operator of a community health clinic in Santa Barbara, CA, has discovered a former employee forwarded emails containing the sensitive data of certain employees, patients, and vendors to a personal email account, in violation of HIPAA Rules.

The incident was detected on March 7, 2019. An analysis to the email account revealed the former employee, who was employed at the clinic at the time, had forwarded emails to her personal email account between March 26 and February 6, 2019.

The emails contained names, billing information, provider names and locations, dates of service, amounts paid/owed for services provided, health insurance and payor information, and Medicare/Medicaid and/or Medical numbers.

The incident has been reported to law enforcement, state, and federal regulators and affected individuals have been notified by mail. No reports of misuse of patient information have been received to date, but as a precaution against identity theft and fraud, affected individuals have been offered 12 months of credit monitoring and identity theft restoration services at no cost.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

It is currently unclear how many current and former patients have been affected by the incident.

Madison Parish Hospital Service District Discovers PHI of 1,436 Patients was Impermissibly Disclosed

Madison Parish Hospital Service District is notifying 1,436 patients of Madison Parish Hospital and its clinic in Tallulah, LA, that some of their protected health information has been impermissibly disclosed to a third-party.

According to the breach notice uploaded to the hospital website, an employee of the hospital was discovered to have accessed a list of patients and disclosed that list to a third-party.

Few details of the breach have been made public, so it is unclear who the third party was, the types of information that were disclosed, or the reason for the disclosure.

Madison Parish Hospital believes the information was sent confidentially and there have been no further disclosures of the received information. According to the breach notice, the incident was discovered on February 20, 2018. The timing of the notification suggests this may have been a typo and the incident occurred in February 2019.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.