Health giant Kaiser Permanente is notifying 670 patients of a HIPAA privacy breach after an emailed attachment containing the protected health information of patients was sent to a recipient outside the Kaiser network.
The attachment was accidentally emailed by a Kaiser employee to a member of a pilot wellness screening competition back in May. "While the recipient was intended and authorized to receive the summary competition information, some of your personal information related to the competition was accidentally included in another location within the same file," a Sept.10 letter to affected patients read.
Patient names, medical record numbers, email addresses, employers, phone numbers, department names and appointment dates for health screenings.
The error was discovered by Kaiser officials in late July. "The recipient has been very cooperative and has given Kaiser Permanente every assurance, including a legal attestation, that the information was not viewed and has been deleted," wrote Cynthia Striegel, vice president of strategic accounts, California, Kaiser Permanente. "On behalf of Kaiser Permanente, we offer our sincerest apology that this unfortunate incident occurred."
[See also: Breach after patient data pops up online.]
All 670 patients were from Kaiser Northern California facilities.