Unsecured Emails Lead to Data Breach
Nearly 1,200 patients had their confidential health information disclosed inadvertently following three emails sent by an employee of The Regional Medical Center in Memphis. Patients were notified about the HIPAA breach, which occurred between October 29th and November 1st, 2012. The incident was only discovered, however, in March of 2013.
The emails included patients’ names, Social Security numbers, and other vital information and personal data.
Since August 2009, HIPAA has required that notifications follow health data breaches involving 500 or more patients.
“The medical center has been and will continue to work closely with the company that received the emails, and it is believed the emails were deleted and not further used or disclosed at the time of the incident,” the notification read. “The medical center believes this was an innocent employee mistake and has not received any indication that patient information has been used or further disclosed in an inappropriate manner by anyone.”
continue reading | via Government Health IT