HIPPA Violated by Dent Neurologic Clerk by Sending PHI to Patients

by | May 16, 2013

Mobile devices being stolen may be one of the main causes of HIPAA breaches, although human mistakes can easily lead to patient health data being accessible, with Dent Neurologic the latest healthcare group to suffer a major HIPAA breach due to the actions of a member of staff.

Dent Neurologic, a neurologic institute operating in Buffalo and West New York, accidentally sent out a spreadsheet containing PHI to 200 patients in a routine email. The spreadsheet included data relating to 10,200 patients and was attached, in error, to an email by a clerk in the DNI administration office.

The data did not include information about treatment and diagnoses, nor Social Security numbers or dates of birth. However, patient names, email and home addresses, last appointment dates and the name of the treating doctor were all listed on the spreadsheet.

Dent Neurologic CEO, Joseph V. Fritz, released a news alert explaining the mistake, which has been attributed to an error made by the clerk. Fritz remarked that “We are very sorry this happened, and we deeply apologize to all of our patients, referring physicians and WNY health care partners.” He added “Patient confidentiality is extremely important in our field, and we take it very seriously, and we will review how this accident happened so we can take steps to minimize the possibilities it could ever happen again. This is an inexcusable event.”

The HIPAA Security Rule requires all patients must be notified of the violation. Before that step was taken Dent made contact with all people who had been sent the email and asked patients to delete it. Several patients of the institute have voiced serious worries about the email and the security lapse.

While the hospital argued it had notified all affected, The Buffalo News made contact with a number of the persons included in the breach and some said that they had been informed of the issue. Some patients believe this a direct breach of HIPAA regulations and that the healthcare centers did not take the necessary steps to ensure to keep patient data private.

A HIPAA breach is defined as impermissible use or disclosure of individually identifiable health information which compromises the privacy and security of PHI, which IN TURN poses a danger of harm, damage or loss to the people affected. At the present time, financial sanctions are only issued for willful neglect which leads to the disclosure of PHI, although HIPAA violations could potentially also see fines issued.

As sought by HIPAA, Dent will be contacting the persons affected by the breach to warn them that their PHI may have been viewed by unauthorized personal. According to the Buffalo News, at least two people who had been sent the E-mail had opened the attachment and viewed the information.

This is not the first occasion that Dent has been criticized for its patient communications. Recently a correspondence was sent to all patients in the Dent database in error, with the communication only intended for people being treated by Catholic Medical Partners physicians. That incident only caused confusion and did not breach HIPAA violations; although the error suggests that policies and procedures need to be reviewed at the neurologic institute and the employees re-trained on data security and privacy areas.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy