HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Error Impacts 6,500 Saliba’s Extended Care Pharmacy Patients

Saliba’s Extended Care Pharmacy in Phoenix, Arizona is alerting more than 6,500 patients to an accidental disclosure of some of their protected health information (PHI).

Copies of invoices for December 2016 were sent via Saliba’s Pharmacy’s encrypted email platform to the wrong patients in January. While there is no chance that the emails could have been intercepted by unauthorized individuals, the emails were opened by three patients or their representatives. The incident occurred on January 12, 2017, and Saliba’s Pharmacy discovered the error four days later on January 16.

Since HIPAA Rules and patient privacy were accidentally violated, breach notification letters were sent to patients on March 3 to alert them to the incident. Patients have been advised to exercise caution and check their explanation of benefits statements and Saliba’s Pharmacy statements for signs of misuse. However, no reports of any misuse of the information have been received by Saliba’s Pharmacy and the risk of PHI misuse as a result of this impermissible disclosure is believed to be very low.

Patients affected by the incident have been told that the information disclosed was limited to names, addresses, and account balances. Some patients also had descriptions and amounts of over-the-counter medications and other pharmacy items detailed in the invoices. The invoices did not contain highly sensitive PHI such as Social Security numbers, health insurance information or financial information.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

President of Saliba’s Pharmacy, John Saliba, issued a statement saying privacy breaches such as this are treated very seriously. The employee who made the error has been terminated and additional training has been provided to staff members. Policies and procedures at the pharmacy have also been updated to prevent similar incidents from occurring in the future and to ensure the protected health information of patients is better protected.

According to the breach report submitted to the Department of Health and Human Services’ Office for Civil Rights, 6,599 patients were impacted by this incident.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.