Maine hospital breaches HIPAA by emailing the names of 300 patients taking Suboxone to newspaper

Posted on: Monday, April 22, 2019 By: KorchekStaff

Bangor, Maine-based Northern Light Acadia Hospital mistakenly emailed the names of 300 patients who had prescriptions for Suboxone, a medication used to treat opioid use disorder, to an editor at the Bangor Daily News.

The email, which was a violation of HIPAA, also included the medical providers treating the patients.

Arcadia's director of communication forwarded Bangor Daily News an email that contained a spreadsheet of the patients taking the opioid use disorder treatment drug. The news organization destroyed the files.

Hospital President Scott Oxley determined the data breach was an "isolated" accident that occurred due to human error.

"For us, this is a huge deal. Three hundred names were shared unintentionally. They were shared, nonetheless. This never should have happened," Mr. Oxley said in an interview April 17, according to the Bangor Daily News. "We're not making any excuses for this, but we don't classify this mistake as a systemic issue."

Arcadia is working with its information technology department to ensure a similar incident does not occur. The hospital also plans to alert patients to the data breach.