The covered entity (CE), florida Department of Health, Childrens Medical Services, discovered that that an employee faxed an email roster with all patients that needed medical supplies to each of their medical vendors. The policy is that the medical supply vendor only receives the names of patients to whom it will directly render orthopedic supplies. The protected health information (PHI) on the e-mail roster included patients' names, dates of birth, and the indemnity info of 523 individuals. The ce provided plug notification to HHS, affected individuals, and the media, and also posted reserve notice on its website. The ce also readiness up a toll release telephone number to reply questions. in response to the hack, the ce ceased the practise of sending daily rosters containing patient information to vendors. The CE sanctioned and re-trained the employee involved in this hack and retrained all employees on its HIPAA policies and procedures. OCR obtained assurances that the CE implemented the corrective actions listed above. location of hacked information: Paper/Films business colligate present: No