Health Information Compliance Alert

Industry Notes

Before you next hit send, read this. A former Geisinger Health System gastroenterologist emailed himself almost 3,000 patients' unencrypted PHI to analyze his procedures. The doctor's action prompted Geisinger to notify the patients by letter that "some of their PHI had been disclosed in an unauthorized manner," according to a Dec. 27, 2010 press statement from the organization.

The emailed information included "patient names, Geisinger medical record numbers, procedure, indications and the physician's brief impressions regarding the care provided," the statement notes. But it didn't involve the kind of information that puts people at risk for financial identify theft -- that is, no social security numbers, addresses, phone numbers, patient account information, etc., the organization reported.

Immediately after being contacted about the problem, the gastroenterologist "contacted and authorized his home email provider to delete the protected health information from its network and servers," said Geisinger privacy officer John Gildersleeve, in the press statement. The doctor "also deleted this information from his home computer."

To read the press statement in full, go to https://webapps.geisinger.org/ghsnews/articles/Geisingerinformspatientsof8477.html.