The covered entity (CE), Allina Health, erroneously mailed a number of letters to patients about preventative screenings which resulted in individuals receiving a letter and a screening sample accumulation kit at their address, but labeled with another individuals name. two business associate (BA) vendors were also involved in processing the mailing. The drudge affected approximately 838 individuals and the protected health information (PH)I involved in the cut included individuals name. Following the hack, the CE immediately ceased mailing preventive screening kits until it was able to complete an investigation to determine the root do of the hack, which included reviewing its business associates practices regarding the mailing of the showing kits to ensure it had quality verify processes in station and were appropriately followed. The CE also initiated and implemented its incident system to timely and effectively manage the investigation, patient notification, and peril mitigation. The ce provided cut notification to HHS, affected individuals, media outlets, and a Minnesota country senator. The ce engaged an outside vendor to mail the individual notifications and found a call midpoint to hold any patient inquiries. The ce also implemented a new workflow in its mailing processes to reduce the number of manual steps and incorporated an additional quality tab so as to cut the potentiality for mistake and to see the accuracy of mailing lists. The ce also retrained its employees on safeguarding PHI when mailing correspondence, and verified that its employees received the training. OCR obtained documentation evidencing that the ce implemented the corrective actions listed. Location of hacked information: Paper/Films Business associate present: No