The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

South Florida Community Care Plan Notifies Patients About Insider Email Breach

Posted By on Aug 25, 2021

South Florida Community Care Plan has discovered a former employee sent internal documents containing the protected health information of plan members to a personal email account. The breach was discovered on June 21, 2021 during a review of the former employee’s email account.

An investigation was launched into the unauthorized activity which determined on June 21, 2021 that the documents contained the following types of plan member information: Names, addresses, dates of birth, member identification numbers, primary care physician names, diagnoses, procedure billing codes, approved services, and/or procedure types.

The sending of plan members’ information to personal email accounts is a violation of South Florida Community Care Plan policies; however, no evidence was found to indicate the information was sent outside the scope of the former employee’s employment.

South Florida Community Care Plan said data security is one of its top priorities and steps were taken to prevent unauthorized data access and exfiltration. The employee’s email and login credentials were revoked at the time employment came to an end, a full audit was conducted into the activities of the employee within the IT system, and all company-issued equipment was recovered. A further audit was then conducted into the employee’s actions while employed at CCP to ensure there were no other instances of unauthorized activity.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

All individuals affected by the incident have now been notified and, as a precaution against identity theft and fraud, have been provided with complimentary credit monitoring services. Affected individuals have been advised to monitor their accounts and credit reports over the next 12-24 months for any signs of suspicious activity.

The data breach has been reported to the Department of Health and Human Services’ Office for Civil Rights as affecting 48,344 patients.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist