The Florida hospital is now sending out data breach notices to impacted individuals.
What happened
BayCare’s Winter Haven Hospital was involved in an impermissible disclosure on March 15th. These disclosures occur when a recipient receives protected health information (PHI) that they are not privy to under HIPAA regulations.
According to the hospital’s Notice of Privacy Incident, the impermissible disclosure was caused by an employee. The employee sent email forms to a patient and accidentally attached a cardiac rehabilitation department file containing PHI about other patients.
Winter Haven reported the incident to the Department of Health and Human Services (HHS), citing that 2,101 individuals had their data disclosed.
Going deeper
After sending the message, the employee quickly identified the error and contacted the recipient, who agreed to delete the file.
Protected health information in the document included cardiac rehabilitation patient names, dates of birth, the procedure requiring cardiac rehabilitation, date of service, and, in some cases, email addresses and/or phone numbers. Winter Haven has said it does not believe any information has been inappropriately used. On May 8th, Winter Haven began mailing letters to the impacted individuals for whom it was able to find an address.
Why it matters
Impermissible disclosures can have a range of impacts on hospitals. Corrective action plans may need to be established, and employees may need to face additional consequences, like repeated training. For some employees, it can result in termination or even legal repercussions. Hospitals may also face legal or financial penalties, or be required to undergo investigation if incidents occur frequently.
Perhaps more importantly, it can erode patient trust. When patients work with a hospital, they expect to have their privacy and health information protected. The public is becoming increasingly aware of data breaches, especially those that may have been caused by negligence.
When hospitals, or their employees, fail to uphold a high standard for security, they may be opening themselves up to additional lawsuits.
The big picture
Winter Haven joins a large number of hospitals that have been impacted by breaches this year. In comparison to some of the massive breaches we’ve seen, like the UnitedHealth breach impacting millions of Americans, the Winter Haven breach is relatively small.
Breaches like these are, however, extremely avoidable. The best email security systems will help ensure the correct recipient is receiving information. Systems like Paubox also automatically encrypt emails, ensuring that data remains safe while in transit.