The Tulare County Health & Human Services Agency (HHSA) has announced a potential breach involving the protected health information of 845 patients seen at the Visalia and Farmersville clinics who use the online Patient Portal.
The potential breach occurred on March 19, 2015, when an employee sent an email and neglected to encrypt and blind copy the recipients of the email.
No health information was disclosed, but email addresses of the affected patients were visible to all other parties copied in the email.
In response to the incident, all affected Patient Portal accounts were disabled to prevent any unauthorized access.
HHSA states that it has not received any indication that the information in the email has been accessed or used by unauthorized parties, and the breach is being reported to the U.S. Department of Health & Human Services, the California Department of Health, and the California Attorney General.
According to the notification on the agency’s website, affected patients should have already received a letter stating that they were a part of the potential breach.
In a somewhat atypical recommendation, HHSA encouraged patients who are affected to change their email addresses before re-registering through the Patient Portal, in addition to changing their patient portal login PIN.
Patients who have questions or concerns can contact HHSA by phone at (800) 834-7121 anytime between the hours of 8:30 a.m. and 5:30 p.m., Monday through Thursday, and 8:00 a.m. until noon on Fridays. Email inquiries can be directed to PrivacyOfficer@tularehhsa.org.