Employee ousted for breach blunder
Colorado clinic notifies patients of HIPAA email violationLONE TREE, CO | August 1, 2013
Lone Tree, Colo.-based Rocky Mountain Spine Clinic is notifying its patients of a HIPAA data breach after a former employee inappropriately emailed herself a document containing the protected health information of 532 patients.
The clinic announced the incident Wednesday and has since fired the employee, according to a report by the Denver Post.
The email sent to the former employee’s personal account contained patient names, insurance company data and information about patients’ surgical procedures.
[See also: Slideshow: 10 biggest HIPAA data breaches in the U.S..]
Joanne Smith, RMSC’s privacy officer, said the clinic was not pressing charges against the employee, as the incident was an accident: "She did not mean to send (the email); it was bad judgment," the Post reports.
Six big Colorado HIPAA breaches – each involving more than 500 individuals – affecting nearly 117,000 patients have been reported to the Department of Health and Human Services since the August 2009 Breach Notification Rule.