Email Error Exposes PHI of 7,600 Independent Health Plan Members

An employee email error at Independent Health has resulted in the PHI of 7,600 health plan members being compromised.

Independent Health, based in Amherst, MA, discovered that employee erroneously emailed documents containing the PHI of 7,600 members to one of its members. As the email recipient was not authorised to access this information, the error constitutes a breach of PHI. The incident took place on March 19, 2019.

The email recipient contacted Independent Health within an hour of receiving the information. Frank Sava, a spokesperson for the company, confirmed that the email and the attached documents had been deleted.

The documents contained plan member information such as ID numbers, providers seen, dates of service, claim numbers, claim payment information, and medical procedure codes. As neither Social Security numbers nor financial information was exposed, the risk of identity theft or fraud is believed to be low.

Despite this low risk, as an act of good faith, Independent Health has offered all affected individuals 12 months of complimentary identity theft protection and credit monitoring services.

“Independent Health’s systems were not compromised in any way,” Sava said. “This disclosure was the result of human error.”

He further stated that employee in question has been subjected to disciplinary procedures in line with company policy.

This incident highlights that while external threats garner a great deal of media attention, internal data breaches also pose a significant threat to the confidentiality and integrity of patient data.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at