Unsecured Patient Data Release
On July 27, 2018 Family Medical Group Northeast had an unsecured release of 2077 patients’ names, dates of birth, email addresses and Medical Record numbers. The error was immediately brought to our attention and steps were taken to investigate the release. On August 10th, we sent letters to notify the patients involved in the release.
The error occurred when a staff member was attempted to email a newsletter to 200 current patients and accidently attached a data file containing 2077 patient names, instead of the newsletter. The employee immediately recognized the mistake and attempted to retrieve the email, but some of the emails had already been received by some of the 200 recipients. The data file did not contain any social security numbers, financial information or medical information. The information in the data file was limited to patient name, date of birth, email address and Medical Record number.
We contacted a risk management firm to help assess the disclosure and risk of identity theft to our patients. The risk was determined to be low, since the information released in the email was information that could already be found on the internet and did not contain social security numbers, financial or medical information. Staff and physicians underwent additional HIPPA Training on Wednesday, August 1 where the incident was discussed, and additional safeguards were implemented to protect patient information.
Patients with questions may call the clinic at (503) 288-0083 between 8:00-5:30 Monday through Friday for further information or email Lisa.Kranz@fmgne.com.