Duluth, Minn.-based Essentia Health has acknowledged a patient information breach after several patients complained that their names and addresses were given to a marketing firm without their consent, according to a Jamestown Sun report.
The marketing firm sent out invitations to a hospital seminar on low spine minimally invasive implant procedures to approximately 430 patients who suffer from lower back symptoms, though none of the patients consented to their names and addresses being distributed, according to the report.
Essentia's chief compliance and privacy officer Vicki Clevenger said no patient medical or clinical information was shared, but the healthcare organization did acknowledge the incident as a breach of patient information, according to the report.
Patients who received the invitation were asked to RSVP to a SI-BONE email address. SI-BONE is a company offering minimally invasive implant procedures. However, Ms. Clevenger said the seminar was not a marketing session, and no patient information was sold, according to the report.
Ms. Clevenger said patient names and mailing addresses were "erroneously released" to the marketing firm, and Get Marketing returned the device containing patient information and said they did not keep any of the data in their files, according to the report.
Essentia Health has launched an internal investigation into the incident, according to the report.
More articles on data breaches:
4 shortcomings of HIPAA in the era of reform
Computer theft prompts Self Regional Healthcare to notify patients of data breach
Women and Infants Hospital to settle data breach for $150k