On July 30 and sep 3, 2014, a business associate (BA) mistakenly sent postcards to the covered entitys (CE) clients that contained viewable protected health information (PHI). The hacked PHI included names, addresses, and referred to each clients status as a public assistance client receiving behavioral health guardianship services. The resulting hack affected approximately 15,380 individuals. The ce provided nag notification to HHS, affected individuals, and the media. following the hack, the ce and its ba ceased using postcards to lead client atonement operations and implemented new policies and procedures to accost the circumstances that led to the hack. The ce and ba also counseled and trained the employee responsible for approving the postcard and provided additional privateness training to all workforce members of the departments responsible for approving such mailings. OCR obtained assurances that the ce and ba implemented the corrective actions noted above. Location of hacked information: Other Business link present: Yes