1,049 Patients of RoxSan Pharmacy Notified of 2015 Email Breach

1,049 patients of Beverly Hills, CA-based RoxSan Pharmacy have been warned that some of their protected health information has been shared with a business associate through an unencrypted email.

The notification letters were sent to affected people during February, although the incident happened on January 20, 2015. Commenting in a recent press release, RoxSan stated that affected individuals are being contatced in “as timely a manner as possible”. The lateness in sending notifications was due to “the protected nature of the forensic investigation”. It is not completely clear when RoxSan Pharmacy became concious of the error.

The protected health information was attached to a data file that was transmitted to a single recipient – A business associate of the pharmacy – who worked on legal matters. That individual had completed a business associate agreement with the pharmacy and was familiar with the responsibilities of HIPAA in relation to patients’ PHI. However, the PHI was exposed as the data file was issued via unencrypted email.

The data file only contained a small amount of protected health information and did not include patient identities, personal identification data, Social Security numbers, or financial particulars.

The information included information regarding patients who had prescriptions filled between April 2015 and August 2015 and was kept to prescription information, drug information, insurance information, physicians’ names, and patient identification information.

RoxSan has not been made aware of any reports that indicate the information has been intercepted and misused. Individuals have been advised of the measures they can take to safeguard their identities and monitor for inappropriate use of their information as a precautionary steps.

The pharmaceutical group has already taken measures to strengthen its operational protections to block any additional breaches like this being experienced.

Author: Maria Perez