EDUCATION

ASU exposed student email addresses in health privacy breach

Rachel Leingang
The Republic | azcentral.com

Arizona State University inadvertently exposed the email addresses of thousands of students in what is considered a breach of federal health privacy law.

The university notified 4,000 students on Friday that their email addresses were "accidentally revealed" in late July, the university said.

In the breach, an ASU office sent bulk emails about health insurance renewal to students without masking the identity of recipients, according to the university.

Some email addresses showed recipients' names.

The "unintended action" was a breach of the Health Insurance Portability and Accountability Act, the university said. HIPAA protects health information from public disclosure. No protected health information was released aside from the student email addresses, ASU said.

FOR SUBSCRIBERS:Are bulletproof backpacks an answer to protect kids from school shootings?

The university was able to delete more than 2,540 of the messages that landed in ASU inboxes, and more than 1,130 of the emails went unread, the university said. 

The university put in place procedures to protect information in the future and more levels of approval for sending out mass emails. Students who received the notification were also given information on assistance. 

Reach reporter Rachel Leingang by email at rachel.leingang@gannett.com or by phone at 602-444-8157, or find her on Twitter and Facebook.