Little Rock, Ark.-based Nephropath, a nephrology lab, is notifying patients of a July 30 employee error in which a staff member inadvertently transmitted protected health information to a vendor in an unsecured email. As many as 1,260 patients treated at the facility between 2000 and 2008 may be affected.
Following the discovery of the breach on Aug. 19, Nephropath instructed the vendor to destroy all copies of the information. Nephropath reported receiving written confirmation that all copies of the data were destroyed.
The patient data included names of patients, pathology diagnosis, referring physician and age at the time of treatment. No Social Security numbers, addresses or financial records were disclosed. As a result of the error, Nephropath is reviewing its policies and procedure to protect against future incidents.