'We deeply regret this event and the inconvenience to you'
A mail merge gone wrong has officials at the University of Florida and Texas Health and Human Services in a rush to send 418 patient notification letters after the error, which occurred one year ago, resulted in a data breach.
Despite patient notification letters being mailed this past week, the incident occurred nearly one year ago and it took officials four months to report the error to the university board.
[See also: 4-year long HIPAA breach uncovered.]
The incident occurred when the University of Florida, which partners with the Texas Health and Human Services Commission on a Medicaid wellness initiative, mistakenly sent letters to requesting patient health records to the wrong physicians.
As officials pointed out, the administrative mishap resulted after patient and corresponding physician data was sorted incorrectly, which caused certain physicians to receive Medicaid.
"We deeply regret this event and the inconvenience to you, and assure you we continue to take steps to keep such incidents from happening again," said Susan A. Blair, chief privacy officer at the University of Florida, in a Sept. 25 patient notification letter. "We have added additional steps to ensure that any future letters requesting health records are only sent to your current physician."
[See also: Vendor sacked for HIPAA breach blunder.]
This is not the first reported breach for the University of Florida. The college has reported three previous privacy and security breaches in less than a five-year period.
To date, more than 38.7 million individuals have had their protected health information compromised in HIPAA privacy and security breaches, according to data from the Department of Health and Human Services.