HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Email Error Results in Impermissible Disclosure of the PHI of 900 Campbell County Health Patients

An email error by an employee of Campbell County Health (CCH) has resulted in the impermissible disclosure of the protected health information of 900 individuals. The Gillette, WY-based health system discovered on February 5, 2021 that an employee sent an email to a patient and attached an incorrect file.

The file contained patient names, account numbers, and their type of insurance. The email error was discovered within an hour of the email being sent and the recipient was immediately contacted and was told to securely delete the attachment. CCH officials provided instructions on how to ensure that the file was permanently deleted from the email account and all devices, and CCH has received satisfactory assurances that the file has now been permanently deleted and no further disclosures were made.

Affected individuals have been notified about the incident and internal policies are being revised to prevent similar incidents in the future. CCH has also provided further training to employees on best practices for protecting patient data.

UT Southwestern Medical Center Alerts Patients About Impermissible PHI Disclosure

UT Southwestern Medical Center in Dallas, TX is notifying 3,640 patients about an inappropriate disclosure of their names and email addresses to a third-party vendor. The information was shared with the third-party vendor in order to send invitations to a Kidney Cancer Program event. No other information was disclosed. All affected patients had previously received medical services through the UTSW Kidney Cancer Program.

The information was not further disclosed or compromised, but the sharing of the patient information was not permitted under HIPAA, hence the need to notify patients. UTSW Medical Center said, “UT Southwestern considers the protection of our patients’ privacy of utmost importance, and we deeply regret the occurrence of this incident and any worry, distress, or difficulty that it may cause.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.