Lehigh County accidentally shared the prescriptions of nearly 700 Cedarbrook residents with 16 companies last December, a potential violation of federal law.

Jason Cumello, the county nursing home’s director and administrator, said Friday afternoon the wrong file was attached to a Dec. 4 email sent to companies interested in the nursing home’s pharmacy contract.


The county was trying to share invoice information for medication prescribed in August, September and October so the companies could make informed bids. The file they sent, however, also included the names of 688 patients using those medications, Cumello said.

The county discovered the mistake within a day and requested the vendors delete the data. All companies provided the county with written confirmation they deleted the files, Cumello said.

Cumello said the county was unsure if the leak violated HIPPA, the federal law that protects individuals’ health care information. The pharmacy vendors also must comply with HIPPA confidentiality rules and protect patient information. The county determined it was best to be transparent about the situation and inform the patients and the public about the miscue.

“We don’t feel any damage has occurred, but we are trying to do the right thing,” Cumello said.

To guard against a similar mistake, all Cedarbrook contracts going through the procurement process now must be reviewed by the nursing home’s health information management officer, Cumello said.

Patients and their families were informed about the error earlier this week, he said. The county made the breach public Friday to comply with federal law.

Cedarbrook residents who believe their information may have been released in the breach may contact the nursing home’s health information management officer at 800-743-9182.