A costly email mistake

I received an email from a doctor’s office where the sender put all of their patients’ email addresses in the “To” field rather than the “BCC” field. That meant every patient could see all of the other patients’ email addresses. Oy, let me count the ways that that is bad news.

To begin with, that is a violation of privacy, especially given the private nature of the business. It’s actually a HIPAA, (Health Insurance Portability and Accountability Act) violation because it is a healthcare organization.

But worse than that, was an unhappy patient decided to send an email to the whole list and state that because he had not had a complaint addressed the doctor was a scam. How do you think that made the patients feel? Concerned that the doctor might be a scam (actually, I think the correct term would be “scam artist”)? Worried that some disgruntled patient has our email addresses? Wondering if we want to continue doing business with this doctor? It’s probably all of those things. This was a very costly mistake for the business.

I’m sure the assistant or receptionist who sent the email had no idea that what she was doing was A. a violation of privacy, B. bad email etiquette and C. a potentially expensive mistake to the business. She knows now. I feel for her.

Email is a wonderful tool, but it must be used carefully and thoughtfully. If you need to send an email to a group of people, always, always put their email addresses in the “BCC” field.

Has this sort of thing ever happened to you? How would you feel if you were one of the patients included in the email? What would you do?

5 thoughts on “A costly email mistake

  1. BethBuelow

    Eeek!! What a blunder. I can think of one time when I accidentally put e-mails in the “To” rather than “Bcc” field, and it was to my current clients. While I didn’t violate any laws or rouse anyone’s ire, I felt cruddy, because I have a policy of keeping my client names confidential (if an individual client wants to say, “Beth is my coach,” that’s fine… I just can’t say “Jane is my client.”). You can bet, it only took that one time for me to remember to never do it again! If I’d been on the receiving end of the e-mail you describe here, I’m not sure what I’d do. I want to say “it depends,” but that’s allowing for lots of gray area where maybe there shouldn’t be any (HIPAA’s pretty clear, after all). For me personally: If everything else was fine, I wouldn’t want the person who hit “send” to get into big trouble; if I was otherwise displeased with the doc’s services, I’d use it as the final straw to start looking elsewhere for health care.

  2. ArdenClise

    @BethBuelow

    Yes, it usually only takes making this blunder once to remember not to do it again.

    I agree with you that the situation does depend on how you feel about the business. In my case, I have had positive experiences with the doctor and I know the person who sent the email probably didn’t know she had goofed until it was too late. So, I politely emailed her and said I was sorry someone had chosen to send a nasty email to the list and that next time she has to send an email to a group I suggested she use the BCC field.

    It’s unfortunate it was a HIPAA violation. They actually sent another email, this one with the addresses hidden and apologized for the mistake. I’m sure they are mortified.

  3. Amnie

    I made the To instead of bcc mistake… I’m employed at a law firm… Although the notification was only to inform clients and colleges about our faulty telephone and Internet lines, I feel like I’ve compromised the firm. This now gives me sleepless nights and I’m thinking of resigning.

  4. Arden Post author

    Amnie, mistakes happen. I’m sorry this happened to you. Have you spoken to your boss? It would be a good idea to be honest about what happened so that if there are any questions from clients your manager will know how to respond. Don’t resign. People make mistakes all the time and your manager can decide how egregious this was. Being honest about your mistake will give you more credibility and show that you’re an honest, responsible employee.

  5. Ovi

    I once CCed about 300 people instead of BCC in a promotional e-mail for a club. My god, the shit I got from one particular person who was telling me he wants to sue unless I pay him whatever amount. He also demanded a written apology letter to his address.

    It was a mistake. They happen, get over it. Someone who doesn’t understand that these things happen need to get off their high horse. I am only human. It’s just an electronic message and I did not kill anyone. E-mail addresses are created and erased each day. Sure it is bothersome to wake up with lots of spam and having to sort through it, but you will have to do it at some point in a number of years of using the same e-mail address.

    The way I dealt with it: apologized and took people off our list if they requested to do. The person who was trying to get money off me I totally ignored forever. He can literally fuck off. Sorry for my language. 🙂

    I know now to quadruple check when about to send mass e-mails or word merged letters. Annie I hope you do not quit just for that, relax about it – apologize and pay attention in the future. It will all be fine I assure you! I felt just like you when it happened to me.

Leave a Reply

Your email address will not be published. Required fields are marked *