As seen on their site:
BJC HealthCare has notified 644 current and former Raising St. Louis participants that identifying information was shared between participating program partners through unencrypted emails. This is outside of established protocols and BJC sincerely regrets this error. However, no information related to Social Security numbers or other financial information was included in the emails.
BJC Raising St. Louis staff discovered on January 9, 2017, that files containing enrollment and visit information for Raising St. Louis program participants were emailed between service providers in an unsecured manner between January 17, 2014, and January 9, 2017. Immediately upon discovery, the required protocol for emailing data in a secured manner was established. The enrollment information included the participant’s name, address, telephone number, date of birth, date of visit, nursing notes and information related to medication and vaccinations. The email did NOT contain medical information such as diagnosis, tests, results, treatment or hospitalization, or financial data.
BJC investigated the email transmission and has discovered no indication that anyone other than the intended and authorized recipients read or accessed the email. BJC has also taken steps to re-educate staff on the process for sending emails in a secure manner through encryption.
Encryption is a process that translates information into a format that cannot be easily understood by an unauthorized recipient. It is required to be used when transmitting protected/personal health information between providers.
Participants whose names were included on the list have been mailed a letter explaining what occurred and who to contact with any questions. Participant questions can be directed toll-free to 844.867.7277 or by mail to BJC HealthCare, 4901 Forest Park Avenue, Mailstop 90-75-571, St. Louis, MO, 63108.
BJC has complied with all U.S. Department of Health and Human Services Office for Civil Rights notification requirements, including individual patient letters, public news release and website posting.