In calendar year 2017, misdirected emails resulted in more than 100 patients’ information being sent in error to individuals outside of Nebraska Medicine and UNMC. Each of those patients had to be notified that their personal information was sent to someone who is a stranger to them — unsettling news to say the least. The institution must also inform the U.S. Dept. of Health and Human Services, Office for Civil Rights of these incidents.
“These mistakes pose a reputational risk to the organization, as well as a financial risk,” said Debra Bishop, privacy officer.
If you’ve ever sent an email to someone at a Gmail, Hotmail or any address other than nebraskamed.com or unmc.edu, you may not be aware that by doing so, that email address is now added to your contact list.
“The email you sent to your friend to meet for lunch, or the email communication with regulatory agencies, or an email to one of your patients can all add to that contact list — and to the risk of misdirecting an email,” Bishop said. “And those are in addition to all the UNO, UNL and UNK addresses already in the Global Address Book.”
To help reduce our risk, a feature in Outlook was recently tested successfully.
As of Feb. 28, when you add an outside email address to an email, you will get a response in the same spot you usually see the ‘out of office’ messages. It will say:
Sending email to addresses other than nebraskamed.com and unmc.edu is permitted as long as such emails otherwise comply with our policies.
These new features are intended to help colleagues avoid unintentionally sending patient or other confidential information to individuals outside our organization.
Colleagues also may reduce risk by deleting addresses from their “Suggested Contacts” address book.
For questions, please contact: Lisa Bazis, chief information security officer, at 402-559-2882, or Bishop at 402-559-5136.