Bozeman Health Deaconess Hospital

Due to a misaligned spreadsheet, on or about February 19, 2016, Executive Services, a business associate (BA) of the covered entity (CE), Bozeman Health Deaconess Hospital, erroneously sent letters to 1,124 patients containing the another patient’s name. The type of protected health information (PHI) involved in the breach included names. The CE provided breach notification to HHS, affected individuals, and the media. Following the breach, the CE implemented a new process for sending mass mailings, required the responsible employee, as well as managers and supervisors, to attend HIPAA refresher training, and required the responsible employee to take a class on specific spreadsheet software. OCR obtained assurances that the CE implemented the corrective actions noted above.
Location of breached information: Paper/Films
Business associate present: No