On June 8, 2018, New England Baptist Health submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS). Located in Boston, Massachusetts, New England Baptist Health's email breach affected 7,582 individuals’ protected health information. New England Baptist Health is classified as a Healthcare Provider.
According to this report by HealthIT Security: NEBH said it determined that a patient list of a retired NEBH surgeon was mistakenly used to mail out notices about developments at a private orthopedic practice. “During our investigation, we determined that on April 19, 2018, a list of the retired surgeon’s patients was sent to the private orthopedic practice, which the surgeon had originally referred his patients to upon retirement. In addition, in a separate incident, on March 19, 2018, the retired surgeon requested and received a copy of his previous patient list from NEBH. By forwarding this information, an NEBH employee impermissibly provided names and addresses for individuals who may not have continued to receive care from the private orthopedic practice. The list did not include any diagnostic, treatment, clinical, personal, or financial information regarding any patient.”
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights. As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.