News and Information

Possible Information Security Breach


On August 8, 2013, during a routine Information Security Systems Audit, CaroMont Health discovered that patient health information from CaroMont Medical Group was transmitted by unsecure electronic mail (email).

Upon discovery of this issue, CaroMont Health conducted a thorough investigation and determined that a staff member emailed the information as part of an approved patient care coordination process (which is an approved release of information under HIPAA) but failed to properly secure the email transmission in accordance with CaroMont’s secure email usage policy.

The email contained protected health information, including name, date of birth, address, telephone number, medical record number, diagnosis, last date of service, medications and insurance company name of 1,310 individuals. Of the 1,310 individuals, the Medicare numbers for two patients were included.

Based on the information gathered through the investigation, there is no reason to believe that the email was intercepted or received by anyone other than the intended recipient and there is little immediate risk to health or financial information. CaroMont Medical Group will notify all affected individuals as required by federal regulations.

CaroMont Health is taking appropriate action to prevent this from recurring by re-training staff to ensure we continue to use and disclose patient information as permitted by law and in accordance with our Notice of Privacy Practices.

CaroMont Health values the privacy of all patient medical information, and we view the protection of patient privacy as an essential component of our mission to provide exceptional healthcare to the communities we serve.