By Alan J. Keays, VTDigger
RUTLAND — Rutland Regional Medical Center is apologizing for an error involving the disclosure of hundreds of patients’ email addresses.
The hospital, in a statement, said on May 11 a survey was sent to 700 patients. The email addresses for all 700 were visible to each recipient, the statement added. The addresses were all listed in the “To” field.
“When we were alerted to the situation, we immediately terminated the email survey and started an investigation,” the hospital’s statement said. “The only patient information referenced in the email was the individual email addresses. Rutland Regional Medical Center apologizes for this error.”
The email was sent to survey people about the hospital’s process for discharging patients and how it could be improved.
The hospital, through a spokesperson, declined to comment Tuesday, May 16, beyond the statement.
Mike Fisher, chief health care advocate for Vermont Legal Aid’s Office of the Health Care Advocate, said the matter does raise concern.
“I think it is serious. I’m also relieved to hear that it is only email addresses, and no health information,” Fisher said.
Whether it’s a violation of confidentiality regulations under the Health Insurance Portability and Accountability Act, or HIPAA, Fisher said he wasn’t sure, but if it were there would be reporting requirements for the hospital to follow.
“Generally, if a patient’s name, their identity, is exposed, it’s a HIPAA violation,” he said. “I’m not sure emails were around when HIPAA was written.” The law went into effect in 1996.
Fisher said he expected the hospital would be working on protocols to ensure such mistakes don’t happen again.
“These kind of things shouldn’t happen, and yet because this is a human business they do happen,” he said.
