The York Daily Record, June 26, 2014
WellSpan employees were notified by the company recently that patient information could have been accidentally downloaded on non-WellSpan computers, according to company spokesman Barry Sparks. Sparks said they were not aware of any patient information that had been downloaded as a result of the glitch. If any patient's information would have been downloaded on a shared device, he said, they would notify that patient immediately. According to Rachel Seeger, spokeswoman with the U.S. Department of Health and Human Services, which covers HIPAA regulations, in the event of a breach of patient health information affecting 500 or more individuals, a HIPAA-covered entity is required to notify all affected individuals, and the Secretary of HHS within 60 days.