Misdirecting e-mail with PHI is bad. Misdirecting it to a reporter, well, that’s just begging for bad press. Carolyn Y. Johnson reports:
The first e-mail came at the end of June. It was from a doctor’s office in another state—a large cardiology group. The note listed the name of a test. It listed the full name of the patient. It listed the full name of the doctor who treated that patient. It said the test was normal and provided a number that I could call for more information. Presumably, this was supposed to be good news. But it was someone else’s test result.
Read more on Boston.com. In the case above, the patient had reportedly provided the wrong e-mail address, but Johnson provides other examples as well.
And, like me, she notes how hard it is to get these breaches reported and addressed:
On a final note, I’ve found the amount of back and forth required to correct this sort of mistake borders on the absurd. It doesn’t inspire confidence in the medical professionals who are supposedly on the hook for keeping patient information private.
Amen.