Breach, Data Security

Employee fired for emailing health data to herself

Emailing protected health information (PHI) to a personal email address cost one Rocky Mountain Spine Clinic employee her job last week.

How many victims? 532 patients.

What type of personal information? Name, insurance company information and tracked patient surgeries. 

What happened?  The employee emailed a document containing the PHI to a personal email address, explaining she thought she could work from home. 

What was the response? A report was filed with the Lone Tree Police Department. Letters were sent to affected patients. The Colorado-based clinic hired a forensic specialist to examine the employee computer and her email account and it was determined that neither the computer nor the email contained personal information. The employee was fired.

Details: The billing department employee created a document with the information and emailed it to her personal email address. The IT department of the Rocky Mountain Spine Clinic discovered the email was sent. Although the employee was fired, no charges were filed against her since the clinic believed the whole things was a mistake.

Quote: “She actually did not mean to send [the emai], it was bad judgment,” said Rocky Mountain Spine Clinic privacy officer Joanna Smith. “She thought she could work from home.”

Source:, “Former Rocky Mountain Spine Clinic employee stole patient information,” July 31, 2013.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.