Lone Tree, Colo.-based Rocky Mountain Spine Clinic is notifying its patients of a HIPAA data breach after a former employee inappropriately emailed herself a document containing the protected health information of 532 patients.
The clinic announced the incident Wednesday and has since fired the employee, according to a report by the Denver Post.
The email sent to the former employee’s personal account contained patient names, insurance company data and information about patients’ surgical procedures.
Joanne Smith, RMSC’s privacy officer, said the clinic was not pressing charges against the employee, as the incident was an accident: "She did not mean to send (the email); it was bad judgment," the Post reports.
Six big Colorado HIPAA breaches – each involving more than 500 individuals – affecting nearly 117,000 patients have been reported to the Department of Health and Human Services since the August 2009 Breach Notification Rule.
The Centers for Medicare and Medicaid Services has "made significant improvements by recasting the EHR meaningful use program and by reducing quality reporting burdens," said AMA President Steven Stack, MD.