Employee error leads to San Diego hospital breaches

HIM-HIPAA Insider, July 28, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

In just one week, Rady Children’s Hospital-San Diego uncovered multiple breaches of PHI caused by human error that affected more than 20,000 patients, according to a hospital press release.

The first breach occurred June 6 and affected 14,121 patients admitted to the hospital from July 1, 2012, through June 30, 2013. The breach occurred when a hospital employee accidentally emailed a spreadsheet containing PHI to four job applicants when trying to send a training file to evaluate the applicants. Upon contacting the four applicants, the hospital learned that one forwarded the email and attachment to two additional people. The spreadsheet contained patients’ names, dates of birth, primary diagnoses, admit/discharge dates, and medical record numbers, as well as insurance carrier and claim information, according to the press release.

While performing an internal investigation following the June 6 breach, the hospital learned that a similar breach affecting 6,307 patients occurred in August, November, and December 2012. In this instance, a hospital employee emailed a test file containing PHI to three job applicants. An additional six applicants took the same test at the hospital, but were unable to save, store, or send the data. The test contained patients’ names, discharge dates, location they were seen, payer name, and balance, according to the press release.

This article originally appeared on HCPro’s HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!