That’s bad! The only possible explanation (not an excuse!) I can think of was someone told a new and inexperienced office person to mass message patients meaning in the emr and the person instead did it to personal emails (AND didn’t even bcc!)

Anonymous wrote:Come on... the person who sent the email was probably an administrative person, not one of the professional staff. That person probably makes little money. Calling and being outraged and making complaints will surely get them fired. Like you never screwed up anything at work???

Again- all the more reason to have systems in place so this doesn’t happen. It’s on Chesapeake’s leadership to ensure they’re abiding by the law- not some entry level admin.

Come on... the person who sent the email was probably an administrative person, not one of the professional staff. That person probably makes little money. Calling and being outraged and making complaints will surely get them fired. Like you never screwed up anything at work???

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:No sure how one "corrects," via email recall etc. if opened and read...training and reminders perhaps. Probably intended to use the bcc line. What do you hope to gain via complaint? MD AG?

Well….yea. It’s 2025 and a practice as large as Chesapeake should have safeguards against something like this. Otherwise why bother having any protections at all if there are no consequences?

Also, some of the email addresses have names similar to MoCo/local leaders. Not sure they want folks knowing their family’s business……

Omg that’s bad. I was thinking of getting my kid services at Chesapeake but not doing it if they’re like crap at administration.

I once received someone else’s medical bill from a medical office and it was a fairly big deal as it was a hipaa violation for the person whose bill I received (I was told th person who sent it was “no longer with the practice.”

I wouldn’t make my decision on where to get specialty treatment based on a single administrative error that was corrected. All of this sort of thing is handed by humans and that means there will be errors. No one is perfect. If it were a trend and they ignored it, that would be different.

How many other incidents of this magnitude have you heard of in this area? This is well beyond "no one is perfect." I wouldn't risk it, if there are other options (which in this area, there are).

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:No sure how one "corrects," via email recall etc. if opened and read...training and reminders perhaps. Probably intended to use the bcc line. What do you hope to gain via complaint? MD AG?

Well….yea. It’s 2025 and a practice as large as Chesapeake should have safeguards against something like this. Otherwise why bother having any protections at all if there are no consequences?

Also, some of the email addresses have names similar to MoCo/local leaders. Not sure they want folks knowing their family’s business……

Omg that’s bad. I was thinking of getting my kid services at Chesapeake but not doing it if they’re like crap at administration.

I once received someone else’s medical bill from a medical office and it was a fairly big deal as it was a hipaa violation for the person whose bill I received (I was told th person who sent it was “no longer with the practice.”

I wouldn’t make my decision on where to get specialty treatment based on a single administrative error that was corrected. All of this sort of thing is handed by humans and that means there will be errors. No one is perfect. If it were a trend and they ignored it, that would be different.

Anonymous wrote:I once got a prescription meant for me with another patient's name on it.

PP. (Somewhere else...I was shocked. I wonder what the other person received.)

I once got a prescription meant for me with another patient's name on it.

You can file a complaint with HHS, but I wouldn't expect much. I had Hopkins send a bill for my gynecological surgery to my father. As in, the bill was literally addressed to him with his name on it. JHU never removed him as the guarantor after I turned 18 (I was a pediatric patient). I got the gynecological surgery at 30. JHU admitted they violated HIPAA in a written letter to me. HHS declined to do anything.

Not a YIPPA violation , but I once received another student's IEP through the mail from FCPS. I was shocked.

This makes me chuckle hard. We were there briefly and it was so clear that they wanted to be a "fancy" practice.

Anonymous wrote:

Anonymous wrote:No sure how one "corrects," via email recall etc. if opened and read...training and reminders perhaps. Probably intended to use the bcc line. What do you hope to gain via complaint? MD AG?

Well….yea. It’s 2025 and a practice as large as Chesapeake should have safeguards against something like this. Otherwise why bother having any protections at all if there are no consequences?

Also, some of the email addresses have names similar to MoCo/local leaders. Not sure they want folks knowing their family’s business……

Omg that’s bad. I was thinking of getting my kid services at Chesapeake but not doing it if they’re like crap at administration.

I once received someone else’s medical bill from a medical office and it was a fairly big deal as it was a hipaa violation for the person whose bill I received (I was told th person who sent it was “no longer with the practice.”

I'm guessing they meant they corrected whatever process led to them sending that email.

From a privacy perspective I feel like it would have been helpful if they could have figured out a way to suggest that they accidentally sent this email to a newsletter database instead of current patients or something.

Anonymous wrote:No sure how one "corrects," via email recall etc. if opened and read...training and reminders perhaps. Probably intended to use the bcc line. What do you hope to gain via complaint? MD AG?

Well….yea. It’s 2025 and a practice as large as Chesapeake should have safeguards against something like this. Otherwise why bother having any protections at all if there are no consequences?

Also, some of the email addresses have names similar to MoCo/local leaders. Not sure they want folks knowing their family’s business……

No sure how one "corrects," via email recall etc. if opened and read...training and reminders perhaps. Probably intended to use the bcc line. What do you hope to gain via complaint? MD AG?

Chesapeake center just sent out a email advising patients to fill their prescription by the 19th. The problem? The cc line contained almost 400 email addresses of all those patients. So much for HIPAA!

They then sent a follow up email apologizing for the error and stating it has been recognized and corrected. How did you “correct” that!?

Anyone know who we can file a complaint with?