Unsecured email puts PHI of 1,310 at risk

CaroMont Health in Gastonia, N.C., has notified 1,310 patients of the security compromise of their protected health information (PHI). A routine information security systems audit revealed that an unsecure email—sent to a trust source outside the organization—was the source of the security lapse, according to a statement released by CaroMont and published by the Charlotte Observer.

“Upon discovery of this issue, CaroMont Health conducted a thorough investigation and determined that a staff member emailed the information as part of an approved patient care coordination process (which is an approved release of information under HIPAA) but failed to properly secure the email transmission in accordance with CaroMont’s secure email usage policy,” according to the statement.

PHI disclosed included name, date of birth, address, telephone number, medical record number, diagnosis, last data of service, medications and insurance company names. Of the 1,310 patients, the Medicare numbers for two patients were included.

There is no evidence that anyone except the intended recipient intercepted the message thus an immediate risk to health and financial information is low, according to CaroMont. As a result of the breach, the organization said it will re-train staff on privacy and security protocol in accordance with its Notice of Privacy Practices.