An email error in October compromised the protected health information of some Mount Carmel Health System patients, according to a Nov. 27 news release from Mount Carmel.
The network has informed 836 former bariatric patients of a breach of unsecured protected health information and the steps taken to protect the affected individuals, the release said.
On Oct. 26, an employee of the Mount Carmel Bariatric Program sent a “save the date” email informing recipients of the Mount Carmel-sponsored 2017 bariatric social event at the Grange Insurance Audubon Center, the release said. The employee intended to send the email to individual recipients but inadvertently sent one email to all individuals who might be interested in the event. The email displayed the email addresses of all recipients. The email did not contain any telephone number, Social Security number, date of birth, home address or financial information, the release said. The error was identified immediately, and the employee attempted to retract/recall the email, the release said.
Former patients were included on the email, and their email addresses were disclosed to the other recipients. Affected individuals were notified that they received the email and were asked to delete the email from their inbox and refrain from forwarding or sharing it, the release said.
Under the U.S. Health Insurance Portability and Accountability Act, PHI includes email addresses.
Mount Carmel is analyzing procedures and will take corrective measures as necessary to ensure that similar errors don’t occur in the future, the release said, adding that the health system is re-evaluating processes for contacting individuals who might be interested in bariatric social events, the release said.
For more information, patients can call 614-546-3284 or 1-800-225-9344.