Michigan-based PsyGenics, Inc. provides holistic mental health services to individuals diagnosed with intellectual and developmental disabilities.
On March 25, during a routine security review, they discovered that an employee had emailed files to her personal email account on March 24 — and the spreadsheet contained patients protected health information: name, diagnosis code, appointment time, and provider name.
Read more in their press release. They do not seem to divulge what steps they took with respect to the employee. And they do not indicate the number of patients being notified. If they are a HIPAA-covered entity, and they sound like they would be, we may see this on HHS’s public breach tool at some point, although there’s a chance that this is a < 500 breach.