Whatever DENT Neurologic Institute thought they were sending to 200 patients, they wound up giving them sensitive information on more than 10,200 patients.
 
The Buffalo News reports that through what the local neurology clinic calls “human error” by a “dedicated, long-term employee,” the files were attached to patient emails and sent on May 13.
 
A statement by Dent reveals that the files were not complete patient records – they included only patients’ names, addresses, active/former patient status, last appointment, scheduling code, primary and referring physicians’ names, and e-mail addresses.
 
Dent says it has contacted all the recipients by phone and asked them to delete the files. They’ll have to do more than that, though – incomplete as the files are, they constitute ”individually identifiable health information,” a law professor tells the News – and according to the HIPAA mega-rule, that’s a breach, requiring notification of all affected parties and other cumbersome steps.
 
If HIPAA issues are of interest to you – and if you’re a covered entity or business associate, they should – you can follow them in Part B News.