An incorrect email sent to hundreds of One Medical patients exposed their email addresses.On Wednesday night, several One Medical patients shared a screenshot of the same email on Twitter More than 900 people. This email may be sent to multiple groups of patients in batches, but One Medical has not confirmed how many people were affected.
Ironically, this message starts with “Hi %recipient.preferred_name%, ensuring the safety of your health information is our top priority…” requires users to verify their email addresses.
One Medical sent an email to hundreds of users, disclosing their email addresses.Twitter screenshot
In a brief statement on Twitter, The company apologized and confirmed that the incident was not caused by a security breach. One Medical did not respond to requests for comment on what happened.
Although the email does not contain the user’s name or health information, considering that the email address is considered an identifier under privacy laws, it may still comply with HIPAA regulations.
“If a patient’s email address is disclosed along with health information to unauthorized recipients—for example, the fact that the individual is a patient of a particular provider—usually constitutes a reportable violation under HIPAA, which means that it must be Report to those affected. Individuals and state governments,” wrote Mintz Levin’s lawyer Dianne Bourque, who specializes in privacy.
The company must also consider different state regulations to determine whether it has additional reporting obligations. Most importantly, depending on the number of people involved, the federal government may also launch an investigation.
“Overlapping state and federal obligations are just one of the reasons why data breaches are so difficult,” she wrote.
This is not good for One Medical, it faces Controversy earlier this year Let some users rush to buy vaccines before medical staff. But in terms of security breaches, the situation could be worse. Bourque said that not everyone’s email address contains their name, and no other sensitive information appears to be revealed in the email.
Some One Medical users even found a little humor in this situation.
“On the one hand, I am grateful. The pandemic is difficult for all of us, and I am happy that One Medical has forced me to make 980 new friends,” One person responded to everything in one email Signed, “A person who knows how easy it is to make this mistake.”
Photo Credit: Epoxydude, Getty Images
