A Campbell County Health (CCH) employee made an email error that resulted in the impermissible disclosure of the protected health information (PHI) of 900 people. The health system based in Gillette, WY learned on February 5, 2021 that an employee sent an email to a patient and affixed a file by mistake.
The file had information such as patient names, account numbers, and type of insurance. CCH identified the email error within an hour after transmitting the email and contacted the recipient right away and told him/her to safely delete the attachment. CCH officials provided guidelines on how to make certain that the file was permanently deleted from the recipient’s email account and devices, and CCH has been given sufficient promises that the file was already completely deleted and no other disclosures occurred.
CCH notified the affected persons about the incident and revised internal policies to avert the same occurrences later on. CCH has additionally given more training to personnel regarding best practices for keeping patient data secure.
UT Southwestern Medical Center Informs Patients Regarding Impermissible Disclosure of PHI
UT Southwestern Medical Center located in Dallas, TX is sending notifications to 3,640 patients regarding an inappropriate disclosure of their names and email addresses to a third-party vendor. The data was shared with the third-party provider so as to send invites regarding a Kidney Cancer Program event. No other data was shared. All impacted individuals had received medical services through the UTSW Kidney Cancer Program previously.
There was no further exposure of data, but the sharing of the patient details was not allowed under HIPAA, consequently, patient notification is necessary. UTSW Medical Center stated that UT Southwestern highly values the protection of its patients’ privacy, and deeply regrets the occurrence of this incident and the worry, distress, or problems that it had caused.