Hot Springs Health Program sends unencrypted email

1,984 patients had their protected health information (PHI) potentially exposed when an unencrypted email was sent by Hot Springs Health Program in North Carolina. 

What happened?

On July 6, 2021, an email with patient data was sent to a new Medicaid care manager. However, an error was made, and the email was sent without any encryption. The email contained a spreadsheet that had almost 2,000 patients’ names, birth dates, and Medicaid ID numbers.

“The data did go to the correct recipient via email, but it was not secured first, which is a violation of the HIPAA act,” said a statement from Hot Springs Health Program.

While using encryption is not necessarily required by HIPAA, there is no other appropriate safeguard for protecting PHI in email communications. Since the covered entity failed to utilize encryption before sending the email, it violated HIPAA requirements to take the necessary steps to protect PHI.

How is the Hot Springs Health Program responding to this breach?

Hot Springs Health Program said that the email recipient permanently deleted the unencrypted email. Its statement explains, “However, due to the nature of email, there is a remote possibility that someone could have improperly accessed that data.” 

Meanwhile, the covered entity doesn’t mention taking any further action to prevent human error in the future. This could leave the healthcare organization more likely to repeat the mistake and send an unencrypted email again.

How can you prevent making the same mistake?

Paubox Email Suite enables you to send HIPAA compliant email to your patients by automatically encrypting every message your organization sends. It’s easier than ever to communicate with patients directly because they receive your emails right in their inboxes.

You can say goodbye to patient portals and forgotten passwords because encryption by default keeps your communication secure.

You don’t have to worry about training your employees on new software because Paubox Email Suite integrates into your current email provider. It works seamlessly with platforms such as Google Workspace and Microsoft 365.

Our HITRUST CSF certified software provides a business associate agreement (BAA) in every plan, so you can rest assured that we are committed to protecting PHI.

Try Paubox Email Suite for FREE today.

About the author

Sara Nguyen
