1,984 patients had their protected health information (PHI) potentially exposed when an unencrypted email was sent by Hot Springs Health Program in North Carolina.
On July 6, 2021, an email with patient data was sent to a new Medicaid care manager. However, an error was made, and the email was sent without any encryption. The email contained a spreadsheet that had almost 2,000 patients' names, birth dates, and Medicaid ID numbers. " The data did go to the correct recipient via email, but it was not secured first, which is a violation of the HIPAA act," said a statement from Hot Springs Health Program. Read more: How to encrypt your email and why you should While using encryption is not necessarily required by HIPAA, there is no other appropriate safeguard for protecting PHI in email communications. Since the covered entity failed to utilize encryption before sending the email, it violated HIPAA requirements to take the necessary steps to protect PHI.
Hot Springs Health Program said that the email recipient permanently deleted the unencrypted email. Its statement explains, " However, due to the nature of email, there is a remote possibility that someone could have improperly accessed that data." Meanwhile, the covered entity doesn't mention taking any further action to prevent human error in the future. This could make the healthcare organization more liable to repeat the mistake in the future and send an unencrypted email again.
Read more: Human error is inevitable - robust email security is a must
Paubox Email Suite enables you to send HIPAA compliant email to your patients by automatically encrypting every message your organization sends. It's easier than ever to communicate with patients directly because they receive your emails right in their inboxes. You can say goodbye to patient portals and forgotten passwords because encryption by default keeps your communication secure. You don't have to worry about training your employees on new software because Paubox Email Suite integrates into your current email provider. It seamlessly works with platforms such as Google Workspace and Microsoft 365 . Our HITRUST CSF certified software provides a business associate agreement (BAA) in every plan, so you can rest assured that we are committed to protecting PHI.