ASU reveals thousands of students' email addresses in HIPAA violation

The University unintentionally released the email addresses of 4,000 students

ASU unintentionally revealed the email addresses of thousands of its students over the summer, breaching federal health privacy laws. 

In late July, an ASU office sent mass emails regarding health insurance renewal to select students but failed to conceal their email addresses, and in some cases, recipients' names. 

On Aug. 16, the University notified 4,000 students that their email addresses were unintentionally exposed, violating the Health Insurance Portability and Accountability Act, or HIPAA.

The University deleted over 2,540 of the messages in an attempt to limit the release of the students’ information, and over 1,130 of those emails sent were unread, a University spokesperson said. 

Health information that is protected under HIPAA includes any information related to an individual's health care that identifies the individual by name, email address or other identifiers.

No other protected health information was released, the University spokesperson said.

HIPAA is designed to protect patients' privacy regarding medical information and allow them to have more control over their information by setting limits on the use of their health records. 


Reach the reporter at bstoshne@asu.edu and follow @itsbrennaaaa on Twitter. 

Like The State Press on Facebook and follow @statepress on Twitter.


Get the best of State Press delivered straight to your inbox.