The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Error Results in Impermissible Disclosure of the PHI of 900 Campbell County Health Patients

Posted By on Feb 17, 2021

An email error by an employee of Campbell County Health (CCH) has resulted in the impermissible disclosure of the protected health information of 900 individuals. The Gillette, WY-based health system discovered on February 5, 2021 that an employee sent an email to a patient and attached an incorrect file.

The file contained patient names, account numbers, and their type of insurance. The email error was discovered within an hour of the email being sent and the recipient was immediately contacted and was told to securely delete the attachment. CCH officials provided instructions on how to ensure that the file was permanently deleted from the email account and all devices, and CCH has received satisfactory assurances that the file has now been permanently deleted and no further disclosures were made.

Affected individuals have been notified about the incident and internal policies are being revised to prevent similar incidents in the future. CCH has also provided further training to employees on best practices for protecting patient data.

UT Southwestern Medical Center Alerts Patients About Impermissible PHI Disclosure

UT Southwestern Medical Center in Dallas, TX is notifying 3,640 patients about an inappropriate disclosure of their names and email addresses to a third-party vendor.  The information was shared with the third-party vendor in order to send invitations to a Kidney Cancer Program event. No other information was disclosed. All affected patients had previously received medical services through the UTSW Kidney Cancer Program.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The information was not further disclosed or compromised, but the sharing of the patient information was not permitted under HIPAA, hence the need to notify patients. UTSW Medical Center said, “UT Southwestern considers the protection of our patients’ privacy of utmost importance, and we deeply regret the occurrence of this incident and any worry, distress, or difficulty that it may cause.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist