The security lapse was uncovered during a routine audit. "Upon discovery of this issue, CaroMont Health conducted a thorough investigation and determined that a staff member emailed the information as part of an approved patient care coordination process (which is an approved release of information under HIPAA) but failed to properly secure the email transmission in accordance with CaroMont’s secure email usage policy," CaroMont announced in a statement provided to NBC Charlotte.
The e-mail contained 1,310 patients' names, birthdates, addresses, phone numbers, medical record numbers, diagnoses, last dates of services, medications and insurance company names. Two patients' Medicare numbers were also included.
While there's no indication that the e-mail was accessed by anyone other than the intended recipient, CaroMont is notifying all those affected, and is re-training staff on the protection of patient information.