Medical Records of Western Connecticut Health Network Patients Exposed

Nuvance Health has started notifying certain Western Connecticut Health Network (WCHN) patients that some of their protected health information has been exposed.

On June 11, 2019, WCHN sent a box of medical records to the Connecticut State Department of Public Health. The package was sent via the U.S. Postal Service (USPS), but the package was damaged in transit, exposing the contents of the package.

WCHN was notified and retrieved the damaged package from the USPS. A spokesperson for WCHN said there was no indication that any information had been removed and misused and that the package did not appear to have left the custody of the USPS until it was collected by WCHN personnel.

WCHN has now changed its procedures for sending protected health information to ensure similar incidents are prevented in the future. Patients were notified on August 19, 2019.

The types of information in the records was limited to names, addresses, dates of birth, provider names, medical record numbers, diagnosis dates, diagnoses, and medical test results. The HHS’ Office for Civil Rights breach portal indicates 1,293 patients have been affected by the breach.

4,000 Arizona State University Students Notified of Impermissible PHI Disclosure

Arizona State University (ASU) is notifying approximately 4,000 students that their email addresses, and in some cases their name, have been impermissibly disclosed as a result of a recent mailing error.

The students were sent emails in late July about renewing their health insurance. The email addresses should have been hidden but were visible to other students who were sent the mailing.

When the error was discovered, ASU deleted 2,540 of the messages and said 1,130 messages had not been read.

ASU is reviewing its policies and procedures and will take steps to prevent incidents such as this from happening in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.