Prairie Fields Family Medicine’s Email-Related Privacy Breach Impacts 6,450 Patients

Data Breach

Prairie Fields Family Medicine, based in Fremont, NE, is notifying 6,450 patients about the potential exposure of some of their protected health information (PHI). The PHI was  included in an unencrypted spreadsheet which was accidentally sent to an incorrect email recipient.

The email was sent in error on October 1, 2018 and the mistake was identified on the same day. Prairie Fields Family Medicine contacted the owner of the email account several times to ensure the spreadsheet was deleted; however, up to now, the owner has not responded to the messages. Prairie Fields Family Medicine believes the email account is not in use any more and has been abandoned, although there is a possibility that the spreadsheet has been opened and the PHI impermissibly disclosed.

The spreadsheet didn’t contain any financial information or medical data usually included in medical records. The compromised patient information was limited to first and last names, dates of birth, phone numbers, primary language spoken, gender, and race. Some patients also had primary and secondary health insurance provider details exposed, which included the names of providers and patients’ insurance ID numbers.

Prairie Fields Family Medicine has notified all patients affected by the breach and has submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights.

Prairie Fields Family Medicine hasn’t received any reports that indicate unauthorized access or misuse of any patient health data; however, because insurance details have potentially been compromised, affected patients have been advised to check their explanation of benefits statements and look for signs of misuse of their insurance details.

Prairie Fields Family Medicine has since implemented additional safeguards to prevent and further email-related impermissible disclosures of the PHI of its patients.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: