Share this article on:
Two former employees of Valley Family Medicine in Staunton, VA have been discovered to have inappropriately used a patient list, in violation of the practice’s policies.
The list was used to inform patients of a new practice that was opening in the area. One of the employees used the list to send postcards to Valley Family Medicine patients to advise them that a new practice, unaffiliated to Valley Family Medicine, was being opened. Patients were invited to visit the new practice.
The mailing was sent in mid-July this year, although it was not discovered by Valley Family Medicine until September 15. The discovery prompted a full investigation of the breach, which confirmed that the only information used by the employees was the information contained on the list. That information was limited to names and addresses. No other protected health information was taken or used by the employees.
Those two individuals are no longer employed at the practice and the list has now been recovered. Valley Family Medicine is satisfied that there have been no further misuses or disclosures of the information, and that no other copies of the list exist.
In compliance with HIPAA Rules, the breach has been reported to appropriate authorities, including the Department of Health and Human Services’ Office for Civil Rights. All 8,450 patients on the list have been sent a breach notification letter explaining the nature of the incident and informed that there should be no further consequences for patients.