The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

UMC Physicians Discovers Patient Information Was Uploaded to Unapproved and Unsecured Cloud Service

The Lubbock, TX-based medical group UMC Physicians is alerting patients of UMC Southwest Gastroenterology that some of their protected health information has been exposed as a result of errors of judgement by two of its employed providers.

Those providers had each set up a Google shared drive which was used to track follow-up tasks related to the provision of care to patients. While the shared drives were set up with good intentions and were intended to help improve the care provided to patients, the providers used an unapproved cloud storage solution and patient data was inadvertently stored on an unsecured network.

UMC Physicians discovered the policy violation on March 12, 2019 and launched an investigation to determine which patients’ protected health information had been exposed. During the course of that investigation, UMC Physicians determined that one of the providers had also been forwarding emails containing patient information to an unsecured Gmail account.

The types of information that had been stored on the unsecured network and emailed to the Gmail account included names, addresses, telephone numbers, medical record numbers, dates of birth, dates of service, health insurance carriers, diagnoses, and medical procedures performed. Highly sensitive information such as Social Security numbers, insurance policy numbers, and financial information was not exposed.

In response to the discovery, UMC Physicians has provided additional training to employees on the use of approved cloud storage solutions, and technical controls will be implemented to prevent unauthorized cloud storage solutions from being used in the future.

No evidence has been found to suggest patient information has been accessed by unauthorized individuals nor have any reports been received to indicate there has been misuse of patient information. All patients whose protected health information has been exposed have been notified of the breach by mail.

The breach report submitted to the Department of Health and Human Services’ Office for Civil Rights indicates the PHI of 3,300 patients was exposed.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
