Question: What must we do in terms of breach notification if we mail a statement to the wrong patient? The statement doesn’t have much information on it, other than the fact that there was a hospital visit, maybe the date of the visit and that the patient went to the visit. Would we have to go through the whole breach notification process?
Illinois Subscriber
Answer: This is the most common error that happens: the visit statement ending up in wrong envelope and going to the wrong address. The statement may not even have very much information on it, but if it does have a patient’s name and information about an office visit then you would need to report this as a breach.
However, since the breach involves just one individual’s information, reporting is a relatively straightforward process. You have to notify only that one individual, and the breach will be one that you should submit in your annual accounting to the U.S. Department of Health and Human Services (HHS) before 60 days after the end of each year.