On August 8, 2013, during a routine Information Security Systems Audit,
CaroMont Health discovered that patient health information from CaroMont
Medical Group was transmitted by unsecure electronic mail (email).
Upon discovery of this issue, CaroMont Health conducted a thorough investigation
and determined that a staff member emailed the information as part of
an approved patient care coordination process (which is an approved release
of information under HIPAA) but failed to properly secure the email transmission
in accordance with CaroMont’s secure email usage policy.
The email contained protected health information, including name, date
of birth, address, telephone number, medical record number, diagnosis,
last date of service, medications and insurance company name of 1,310
individuals. Of the 1,310 individuals, the Medicare numbers for two patients
Based on the information gathered through the investigation, there is no
reason to believe that the email was intercepted or received by anyone
other than the intended recipient and there is little immediate risk to
health or financial information. CaroMont Medical Group will notify all
affected individuals as required by federal regulations.
CaroMont Health is taking appropriate action to prevent this from recurring
by re-training staff to ensure we continue to use and disclose patient
information as permitted by law and in accordance with our Notice of Privacy
CaroMont Health values the privacy of all patient medical information,
and we view the protection of patient privacy as an essential component
of our mission to provide exceptional healthcare to the communities we serve.