The Department of Social and Health Services’ Behavioral Health Administration has confirmed that a spreadsheet containing private information of 515 patients at Western State Hospital was sent to an incorrect email address.
“We are entrusted with confidential patient information,” explained Carla Reyes, Assistant Secretary for BHA. “One instance of disclosing personal information is one too many. We do not take this mistake lightly and have responded by improving our oversight processes and staff will be retrained on proper email protocol.”
On Sept. 20, the breach was discovered after an employee at Western State Hospital discovered they had sent a document containing client health history to an incorrect email address. WSH contacted the recipient asking them to delete the inadvertent message. The recipient did so immediately.
Personal health information such as names of patients, admission dates to Western State Hospital, the Western State Hospital medical record number, date of birth as well as specific diagnosis of infection were included on the spreadsheet. No social security numbers or patient financial information were in the email.
DSHS is notifying all clients affected by this breach. At this time, there is no reason to believe that the health information shared is sufficient for there to be instances of identity theft or impact to credit scores. Those with questions or concerns can find more information on both the Washington State Attorney General’s website as well as the Federal Trade Commission’s site.
A release from DSHS said that further training and greater supervision around handling confidential patient information were implemented since the incident. There has also been a new procedure regarding access to patient information maintained by the hospital to prevent any further release of confidential health information.