An employee of the Regional Medical Center in Memphis, Tennessee, sent out three unsecured emails that contained the private health information and Social Security numbers of approximately 1,200 patients. The medical center is notifying patients of the HIPAA breach.
The incident took place between Oct. 29 and Nov. 1, 2012, but according to a medical center notification, it wasn’t discovered until March 15, 2013. The unsecured emails included patients’ names, dates of birth, account numbers, phone numbers, Social Security numbers and outpatient physical therapy services data.
The notification also stated that the medical center believes the incident was an innocent mistake made by an employee, and that there has been no indication that the patient information has been used unlawfully. The medical center is working with the company that received the emails, and believes that the emails have been deleted and will not be further used or disclosed.
More than 1.2 million patients in Tennessee have had their private health information compromised since the August 2009 Breach Notification Rule, which requires all HIPAA-covered entities to provide notification when a breach involves over 500 patients.
Blue Cross Blue Shield of Tennessee (BCBST) had one of the biggest HIPAA breaches to date, reporting 57 stolen unencrypted computer hard drives in 2009. The hard drives contained the private health information of over one million patients. BCBST had to pay over $6 million for additional data encryption, as well as nearly $17 million for investigation, protection and member notification. BCBST was also required to pay an additional $1.5 million to the Department of Health and Human Services and follow a corrective action plan.
Do you have questions about your email security? How about HIPAA? Call us today. Our team of professionals can help you secure your information, protect your confidential information and ensure email mistakes are prevented.