Share this article on:
American Indian Health & Services, the operator of a community health clinic in Santa Barbara, CA, has discovered a former employee forwarded emails containing the sensitive data of certain employees, patients, and vendors to a personal email account, in violation of HIPAA Rules.
The incident was detected on March 7, 2019. An analysis to the email account revealed the former employee, who was employed at the clinic at the time, had forwarded emails to her personal email account between March 26 and February 6, 2019.
The emails contained names, billing information, provider names and locations, dates of service, amounts paid/owed for services provided, health insurance and payor information, and Medicare/Medicaid and/or Medical numbers.
The incident has been reported to law enforcement, state, and federal regulators and affected individuals have been notified by mail. No reports of misuse of patient information have been received to date, but as a precaution against identity theft and fraud, affected individuals have been offered 12 months of credit monitoring and identity theft restoration services at no cost.
It is currently unclear how many current and former patients have been affected by the incident.
Madison Parish Hospital Service District Discovers PHI of 1,436 Patients was Impermissibly Disclosed
Madison Parish Hospital Service District is notifying 1,436 patients of Madison Parish Hospital and its clinic in Tallulah, LA, that some of their protected health information has been impermissibly disclosed to a third-party.
According to the breach notice uploaded to the hospital website, an employee of the hospital was discovered to have accessed a list of patients and disclosed that list to a third-party.
Few details of the breach have been made public, so it is unclear who the third party was, the types of information that were disclosed, or the reason for the disclosure.
Madison Parish Hospital believes the information was sent confidentially and there have been no further disclosures of the received information. According to the breach notice, the incident was discovered on February 20, 2018. The timing of the notification suggests this may have been a typo and the incident occurred in February 2019.