HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Mailing Error Sees 1,126 Letters Sent to Patients’ Previous Addresses

A ‘software glitch’ has resulted in billing statements and other communications sent by TriHealth of Cincinnati being mailed to patients’ former addresses. The privacy breach was discovered in November 2016, and impacts 1,126 TriHealth patients.

The glitch caused current addresses to be substituted with former addresses. In some cases, mail may have been forwarded on to the correct address, although TriHealth was unable to determine whether this was the case.  Letters have now been mailed to the correct addresses and affected patients have been notified of the error by mail.

The error affected mailings of billing statements, appointment reminder letters, and other correspondence between November 15, 2015 and January 12, 2017 when the error was discovered. Individuals affected by the error had all mailings directed to wrong addresses between those dates.

The types of protected health information contained in the mailings varied from patient to patient. PHI that was potentially exposed was limited to patients’ names, visit dates, descriptions of medical service provided, places of service, financial charges, details of payments and adjustments, account balances, due payments, and details of appointments.

Please see the HIPAA Journal Privacy Policy

No insurance numbers, Social Security numbers, credit/debit card information or financial institution information was printed in any of the misdirected letters.

TriHealth has not received any reports to suggest any of the information contained in the letters has been misused in any way. Since the privacy breach only involved a limited amount of data, and the risk of misuse is believed to be low, affected individuals have not been offered credit monitoring or identity theft protection services. They have been advised that they are entitled to obtain a free annual credit report from credit reporting companies and can check for suspicious credit activity.

The software error has now been fixed and affected patients have had their addresses corrected in TriHealth’s computer system.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.