Can Your Printer Cause a Data Breach?

It did for University of Pennsylvania patients.

The University of Pennsylvania Health System (Penn), through its billing business associate, RevSpring, inadvertently sent patients bills containing both their information and information of other patients.  “RevSpring, a Michigan-based billing vendor used by Penn, believes the misprinted bills which caused the data breach were due to a printing malfunction. While the front of the statements were printed correctly, the reverse contained a second patient’s information.  Penn stated that the information was limited to patient names, physician names, service and test information, and the amount owed by the patient, and did not include dates of birth, diagnoses, insurance numbers, or Social Security numbers. While an exact number of affected patients was not given, Penn noted that it was more than 1,000.  RevSpring reported the error to Penn on December 5, and has since notified affected patients and investigated the incident to prevent a recurrence.”  Article.

Interestingly, and although not guaranteed, the Department of Health and Human Services (HHS) said it would not penalize an unintentional data breach that is corrected within 30 days, but it is unclear whether Penn’s response to the breach would be enough from HHS’s perspective.

Health care providers are relying more and more on technology in their practices. This includes electronic medical records, data exchanges between satellite offices, internets, intranets and extranets, and business associates and their subcontractors. However, as health care providers rely on technology, they must have the appropriate policies and procedures in place to ensure that unsecured protected health information (“PHI”) is not inadvertently disclosed to the wrong patients.

Given the devastating civil and criminal penalties associated with data breaches, as well as the reputational harm, health care providers need to work with a health care attorney who specializes in preparing and implementing appropriate policies and procedures, and in effectively training staff to avoid potential data breaches.

Tell us how your organization protects its information. Share your ideas with us by clicking on the comment button below. We’d love to hear from you.
