UofL Health in Louisville, Kentucky is the latest healthcare provider to have breached HIPAA by sending protected health information (PHI) to the wrong recipient.
On June 7, UofL Health started notifying over 42,000 patients of a data breach that occurred the same day. Several emails containing PHI were accidentally sent to an unauthorized recipient. The recipient told UofL Health the next day that the emails were never viewed or accessed and had been deleted from their network system. The unintended recipient also provided technical evidence to prove it. UofL released a statement saying, "We are relieved that our patients' information is not at risk as a result of this incident." The healthcare system is offering identity protection services to affected patients as an extra precaution.
How could this have been prevented?
Human error is the most likely cause of sending sensitive emails to unauthorized individuals. While healthcare organizations may train their employees on cybersecurity , people making honest mistakes will always be a major threat to your network security.
So what can a covered entity do to ensure that emails containing PHI aren't sent to the wrong people? One solution is to choose an email security provider that includes data loss prevention (DLP) . Email DLP is an additional technical safeguard that prevents sensitive data from being accidentally or maliciously sent to unauthorized email addresses. A good email DLP system will mitigate risks and prevent data breaches. Paubox Email Suite Premium includes both inbound and outbound DLP. Customers configure their own rules to ensure that employees can't send sensitive data to the wrong party or receive information they are not authorized to view. For example, the billing department doesn't need Social Security numbers, so you can set up a rule that will stop an email from being sent if it contains that kind of personally identifiable information (PII). Paubox allows you to send HIPAA compliant email while maintaining robust encryption and security safeguards.