25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Experian Health Accidentally Sends PHI to Incorrect Individuals

Posted By on Jun 27, 2017

Experian Health has discovered the protected health information of some patients has been accidentally disclosed to incorrect individuals due to a technical error that occurred during a server migration.

The disclosed data including names, addresses, genders, dates of birth, Medicare ID/HIC numbers, member ID numbers, insurance/payer company names, group numbers/group policy numbers and Medicaid case numbers. The data were shared with incorrect HIPAA covered entities. No information was sent to or otherwise shared with members of the public.

Experian Health took immediate action to address what it refers to as ‘an isolated error’ and reports that the mistake has been corrected. The error affected two platforms used by Experian Health, with data disclosed between February 13 and March 13, 2017.

The information disclosed could only have been accessed or saved by HIPAA-covered entities, who are bound by HIPAA Rules. Therefore, the risk of protected health information being misused is likely to be low.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Experian Health notified affected healthcare institutions of the error on April 28, 2017. One of those entities was Southern Illinois Healthcare (SIH), which was told that 600 of its patients were impacted. Experian Health is a business associate of SIH and performs insurance eligibility verification during patient registration. Experian Health also works with other healthcare organizations.

At present, it is unclear exactly how many patients have been impacted in total since the incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal. It is possible that breach notices will be submitted separately by all of the covered entities impacted by the incident.

SIH has made the decision to offer credit monitoring and credit repair services to all affected individuals as a precautionary measure. Those services, which are being provided through AllClear ID, are available for 24 months without charge.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist