A mailing error resulted in Cancer Care Northwest sending routine mailings that exposed patient names to other patients. A statement on their web site explains:
In compliance with federal HIPAA and HITECH Regulations, Cancer Care Northwest is required to notify patients and the media when a breach of information occurs. Cancer Care Northwest became aware of a breach on January 10, 2011, which occurred on or about January 7, 2011. The breach occurred as follows:
A letter and brochure with information on a Breast Education and Support Program was sent by Cancer Care Northwest Foundation to select current and former patients of Cancer Care Northwest. In manipulating the address information in a database separate from our Electronic Medical Records, the names and correlating addresses were accidentally separated. Therefore, everyone who was supposed to receive a letter and brochure did; however, the name listed on the envelope at receiving patient’s address was of another patient.
The only personal information that the recipient of the letter received was the name of one other patient addressed on the envelope. No credit, health, financial, or any other personal information was disclosed. Patient’s information in our Electronic Medical Records system has not been affected by this incident and remains accurate. Approximately 3,150 patients were involved in this breach.
We take very seriously our role of safeguarding patient’s personal information and using it in an appropriate manner. In response to this breach, we have notified patients, included additional information on protecting personal health information on our website, and identified a new process for manipulating patient mailing information to ensure an incident like this will not occur again.
If you have questions or concerns, please contact our Safety and Compliance Officer at 1.800.866.9809.
The incident was also reported to HHS.