California-based St. Joseph Health mistakenly released the private information of 11,800 home health patients to an investment firm working on a business proposal for the health system.
The patients' private information was divulged when a St. Joseph Health employee accidentally sent a Microsoft Excel file to Cain Brothers, an investment banking firm. Before sending the file, the employee did not delete the file tab that included identifiable patient information, and the file was not encrypted, according to a Press Democrat report.
The data sent to the investment firm included patients' names, referral sources, referral types, admissions dates and the medical unit where treated.
The patients' information was sent to the investment firm on Feb. 18, and St. Joseph Health notified affected patients of the data breach on Feb. 25.
"We discovered the issue on the same evening the email was sent and immediately contacted the recipient of the file requesting that it be deleted and not used or disclosed," said Cambria Haydon, St. Joseph regional compliance director.
As a result of this incident, all St. Joseph Health personnel involved in the data breach are receiving privacy compliance training.
More Articles on Data Breaches:
Data Breach Affects 826 Georgia Patients
Cornerstone Health Notifies Patients After Laptop Containing Personal Information Stolen
Potential Data Breaches Most Significant Barrier to mHealth Adoption, Survey Finds