AR: Nephropath notifies patients of potential compromise of PHI

Little Rock-based Nephropathology Associates, PLC (“Nephropath”) notified HHS of a breach impacting 1,260 patients. In a substitute notice on their web site, they explain:

On July 30, 2015 a Nephropath employee inadvertently transmitted a data-set including both Protected Health Information (PHI) and de-identified information to a vendor via unsecured e-mail. The vendor was the intended recipient of the e-mail, however, they did not require PHI to perform their services and only the de-identified component of the information should have been transmitted.

The disclosure was discovered on August 19, 2015. Following the discovery an investigation was conducted and the source of the disclosure was identified. The vendor was contacted, informed of the disclosure and instructed to destroy all copies of the information. Nephropath received written assurance from the vendor that the data has been destroyed and that it was not transmitted to any other parties while in their possession. We do not believe any physical or digital copies were retained by the vendor or any other outside party.

The information transmitted pertained to some patients who were treated by Nephropath between 2000 and 2008. The information disclosed in the data-set included first and last name, patient age at the time of treatment, Nephropath accession number, referring physician, and pathology diagnosis. It is important to note that no Social Security Numbers, addresses or financial information were disclosed.

As a result of this incident Nephropath is reviewing its policies and procedures to protect against future incidents of this nature. As part of this process we will be providing additional training to our workforce and the responsible employee.

We sincerely regret that this incident occurred and apologize for any inconvenience. If you were treated by Nephropath between the years of 2000 and 2008 and would like to know if your information was included in this incident or if you know your information was included and have questions, please call us toll free at 866.736.2529.


C. Aaron Nichols, MHSA, CMPE
Practice Coordinator & Compliance Officer

CORRECTION: This post previously misidentified the involved entity as “Neuropathology Associates.” It is Nephropathology Associates. Thanks to the alert reader who caught my mistake.

About the author: Dissent

2 comments to “AR: Nephropath notifies patients of potential compromise of PHI”

You can leave a reply or Trackback this post.
  1. Anonymous - October 26, 2015

    “Nephropath Associates” or “Neuropath Associates”…

    • Dissent - October 26, 2015

      Yikes! Great catch. I just corrected my post. Thank you sooooo much.

Comments are closed.