RevSpring, Inc.

Due to a printing error at the covered entity’s (CE) business associate (BA), RevSpring, Inc., patients received billing statements containing other patients’ protected health information (PHI). The breach affected approximately 3,000 individuals. The types of PHI involved in the breach included names, account numbers, balances owed, procedure codes, procedure descriptions, providers’ names, and dates of services. Following the breach, the CE obtained assurances from the BA that additional safeguards would be implemented to prevent future disclosures. OCR reviewed the CE’s policies and procedures to ensure compliance with the Privacy and Security Rules.
Location of breached information: Paper/Films
Business associate present: Yes