Mail merge mishap leads to data breach

'We deeply regret this event and the inconvenience to you'
By Erin McCann
11:07 AM
Share
A mail merge gone wrong has officials at the University of Florida and Texas Health and Human Services in a rush to send 418 patient notification letters after the error, which occurred one year ago, resulted in a data breach. 
 
Despite patient notification letters being mailed this past week, the incident occurred nearly one year ago and it took officials four months to report the error to the university board.
 
 
The incident occurred when the University of Florida, which partners with the Texas Health and Human Services Commission on a Medicaid wellness initiative, mistakenly sent letters to requesting patient health records to the wrong physicians.
 
As officials pointed out, the administrative mishap resulted after patient and corresponding physician data was sorted incorrectly, which caused certain physicians to receive Medicaid.
 
"We deeply regret this event and the inconvenience to you, and assure you we continue to take steps to keep such incidents from happening again," said Susan A. Blair, chief privacy officer at the University of Florida, in a Sept. 25 patient notification letter. "We have added additional steps to ensure that any future letters requesting health records are only sent to your current physician."
 
 
This is not the first reported breach for the University of Florida. The college has reported three previous privacy and security breaches in less than a five-year period. 
 
To date, more than 38.7 million individuals have had their protected health information compromised in HIPAA privacy and security breaches, according to data from the Department of Health and Human Services.