DataStat, Inc.

An employee of a business associate (BA), DataStat, erroneously misdirected surveys to 487 individuals after failing to following the BA’s re-print protocol after a printer paper jam. The types of protected health information (PHI) involved in the breach included demographic information, including names and addresses. The CE provided breach notification to HHS and affected individuals. The BA also improved technical safeguards to assist with quality assessment checks and sanctioned the involved employee with a written warning. OCR obtained documentation that the BA implemented the corrective actions steps listed above.
Location of breached information: Paper/Films
Business associate present: Yes