Cyber News Group
View Events

Email Mistake Leads to Exposed PHI of 11,500 Patients in US!

Email Mistake Leads to Exposed PHI of 11,500 Patients in US!

A US health plan provider recently revealed a data breach of 11,500 patients that was started by an email error.

It happens…..we realise a split second after sending an email that we left someone cc’d that we should not have, or that we forgot to attach the most recent .PDF of some report. While these are relatively minor failings, it can happen on a larger scale, with much more serious consequences.

Error

An employee at Iowa Total Care, Inc., a managed care organisation based in Des Moines, US knows that feeling well now. The organisation, a health plan that is a subsidiary of Centene, a large, publicly traded managed care organisation based in Missouri, recently confirmed that an email error accidentally resulted in the information of 11,581 patients being sent to the wrong recipient.

It was reported that the employee mistakenly sent an Excel spreadsheet containing claims data to a large provider organisation.

Excel

While normally not a problem, this file contained protected health information (PHI) belonging to patients who had not received medical care there.

The Excel sheet contained information like names, Medicaid ID numbers, dates of birth, & procedure & diagnosis codes. The information of 11,581 patients.

Deleted

The recipient reportedly never shared or copied the spreadsheet & instead deleted it. To address the security lapse, the healthcare facility claims it has re-educated the employee & implemented additional safeguards to stot an incident like this from recurring.

As the provider is a HIPAA covered entity, it was required to inform the US Department of Health and Human Services’ Office for Civil Rights; the breach appears on OCR’s Breach Portal with a submission date of June 23.

Safeguards

HIPAA’s Privacy Rule requires covered entities to implement safeguards to protect sensitive patient data like PHI. At 1st glance it is unclear exactly what safeguards Iowa Total Care had in place.

Healthcare record breaches are not uncommon these days – they can easily pile up, leading to a compliance nightmare – but having a solution in place that can see, classify, & protect data like Medicaid numbers could have prevented PHI egress in the first place & diminished the chance of the data getting sent off via email.

https://www.cybernewsgroup.co.uk/virtual-conferences/

 

SHARE ARTICLE

OTHER ARTICLES

RELATED ARTICLES

View All Articles
Cyber News TV
Cyber News Events

This is the next generation of conference networking. At Cyber News Group, we have built our stellar reputation on our unique conference experiences for the cybersecurity space. We have had the honour of hosting premium events for leading figures in the public and private sector leaders, providing industry insights, networking opportunities, and sponsor showcases. We wanted to use our extensive database to bring people together – to bring some light to the situation. 

Head Office: Hilton House 71-73 Chapel Street Manchester M3 5BZ

Switchboard Number: 0845 307 6277

General Enquiries: info@cybernewsgroup.co.uk

News: news@cybernewsgroup.co.uk

Web Designer – Pixel Created LTD
Twitter Youtube Linkedin