Unsecured Email Transmisions Result In PHI Data Breach

Posted on by Frank J. Rosello

The Regional Medical Center in Memphis is notifying patients of a HIPAA breach after an employee sent out three unsecure emails containing the protected health information and Social Security numbers of nearly 1,200 patients.

The incident occurred between Oct. 29 and Nov. 1, 2012, but according to a hospital notification, the incident wasn’t discovered until March 15, 2013. The unsecured emails included patients’ names, Social Security numbers, dates of birth, account numbers, phone numbers and outpatient physical therapy services data.

“The medical center has been and will continue to work closely with the company that received the emails, and it is believed the emails were deleted and not further used or disclosed at the time of the incident,” the notification read. “The medical center believes this was an innocent employee mistake and has not received any indication that patient information has been used or further disclosed in an inappropriate manner by anyone.”

Since the August 2009 Breach Notification Rule requiring that HIPAA-covered entities provide notification following a breach involving 500 patients or more, more than 1.2 million patients in Tennessee have had their protected health information compromised.

Also See: Slideshow: 10 biggest HIPAA breaches of 2012


Environmental Intelligence, LLC through its partnership with Encryptics, delivers a licensed-based information security and delivery platform that gives users comprehensive protection and complete control over their data, both inside and outside of their network.

This unique security platform encrypts data as soon as it is created-before a transfer takes place-so there is never a vulnerable point where a breach could occur.  Private information never touches this Industry-First Trusted Peer-To-Peer server and remains secure in all states: at device, in transit, in use, and at rest.  In addition, we provide Digital Rights Management (DRM), which gives users the power to control the usage and availability of their data in real time along with Data Loss Prevention (DLP) tools designed to automatically secure outgoing messages at the enterprise level.

Don’t let a PHI data breach, like the one you just read about, happen to you or your organization.  Contact us today at [email protected] or call (866) 992-5559 to learn more about this technology and how it can transform your HIPAA compliance and information security efforts.



Leave a Reply

Follow GOEILLC on LinkedIn Follow GOEILLC on Twitter