Mankato Clinic notifies patients of health data breach
Mankato Clinic notifies patients of health data breach
Mankato Clinic has launches a Diabetes Care Center.(KEYC)
By Mitch Keegan
Published: Sep. 17, 2021 at 9:13 PM BST
MANKATO, Minn. (KEYC) - The Mankato Clinic has notified more than 500 patients of a breach of unsecured protected health information.
In a news release, Mankato Clinic says on August 3rd an electronic spreadsheet containing patient information for 535 patients was mistakenly e-mailed to a colleague of a Mankato Clinic employee to an external e-mail account. The e-mail was not encrypted. Upon discovery a few minutes after the e-mail had been sent in error, the employee contacted the recipient and asked that the e-mail be deleted. The recipient confirmed that the e-mail was deleted and that the attached spreadsheet was never opened.
Patient information contained within the spreadsheet included: patient full name, address, phone number, e-mail address, date of birth, sex, medical record number, healthcare provider’s name, diagnosis information, and primary insurance carrier. Social Security numbers were not included in the information.
Mankato Clinic has investigated this incident and has determined that it occurred due to use of their e-mail’s auto-complete feature. The Mankato Clinic has received assurances that none of the patient information was accessed prior to being deleted by the recipient.
ADVERTISEMENT
Because the information is protected under HIPAA and was sent via unencrypted e-mail, it meets the definition of a breach under the HIPAA guidelines and therefore requires Mankato Clinic to notify each patient with a letter describing the incident.
Mankato Clinic says these patients do not need to take any action to protect themselves from potential harm resulting from the breach of their personal health information since the e-mail was immediately deleted by the recipient and the information did not include any financial information.
Since 2003, Mankato Clinic has required all staff to participate in annual HIPAA training. Because of this training, Mankato Clinic says the employee involved in this incident immediately recognized that a breach had occurred and self-reported the incident.
Mankato Clinic has launches a Diabetes Care Center.(KEYC)
By Mitch Keegan
Published: Sep. 17, 2021 at 9:13 PM BST
MANKATO, Minn. (KEYC) - The Mankato Clinic has notified more than 500 patients of a breach of unsecured protected health information.
In a news release, Mankato Clinic says on August 3rd an electronic spreadsheet containing patient information for 535 patients was mistakenly e-mailed to a colleague of a Mankato Clinic employee to an external e-mail account. The e-mail was not encrypted. Upon discovery a few minutes after the e-mail had been sent in error, the employee contacted the recipient and asked that the e-mail be deleted. The recipient confirmed that the e-mail was deleted and that the attached spreadsheet was never opened.
Patient information contained within the spreadsheet included: patient full name, address, phone number, e-mail address, date of birth, sex, medical record number, healthcare provider’s name, diagnosis information, and primary insurance carrier. Social Security numbers were not included in the information.
Mankato Clinic has investigated this incident and has determined that it occurred due to use of their e-mail’s auto-complete feature. The Mankato Clinic has received assurances that none of the patient information was accessed prior to being deleted by the recipient.
ADVERTISEMENT
Because the information is protected under HIPAA and was sent via unencrypted e-mail, it meets the definition of a breach under the HIPAA guidelines and therefore requires Mankato Clinic to notify each patient with a letter describing the incident.
Mankato Clinic says these patients do not need to take any action to protect themselves from potential harm resulting from the breach of their personal health information since the e-mail was immediately deleted by the recipient and the information did not include any financial information.
Since 2003, Mankato Clinic has required all staff to participate in annual HIPAA training. Because of this training, Mankato Clinic says the employee involved in this incident immediately recognized that a breach had occurred and self-reported the incident.
