In January of 2016, officials at Village of Oak Park discovered an employee had emailed spreadsheets containing the protected health information (PHI) of 688 individuals to a personal email account. The HIPAA violation was uncovered during an internal search for email correspondence between its staff and insurance carriers.
The emailed spreadsheets contained:
The PHI contained in those email attachments affected a wide swath of Illinois government employees and appears to have taken place over a span of three years (2011-2013). Those impacted include current and former employees of:
SEE ALSO: Paubox Suite Premium can Curb Automatic Email Forwarding Rules
Village of Oak Park could not determine why the employee sent the email attachments to their personal email. Although both internal and criminal investigations concluded that the data had not be abused or sold to third parties, it still represented a HIPAA violation. Since there was no legitimate reason for the PHI to be emailed to a personal email account, the employee was terminated.
Paubox Suite Premium offers Email DLP features, which can prevent HIPAA violations by scanning outbound email to detect the presence of protected health information and other indicators. In the case of Village of Oak Park, a good email DLP solution would have detected when that employee included things like Social Security Numbers and dates of birth to a personal account.
Paubox Suite Premium provides the following benefits:
SEE ALSO: Lack of Email DLP causes HIPAA Violation in California