Notice of Data Privacy Incident: Chronic Care Management, Inc. (“CCM”)
What Happened? Chronic Care Management, Inc. (“CCM”) is a care management technology and clinical services provider that provides patient communication and engagement services to Matthews-Vu Medical Group. On August 19, 2019, CCM discovered an error related to the transmission of an announcement about a care management program that was emailed on August 19, 2019 from CCM to certain patients. CCM quickly launched an investigation to determine what may have happened and what information may have been affected. The investigation ultimately determined that the email communication sent to certain patients on August 19 via CCM’s communications software may have included an incorrect patient name. This was a result of human error in CCM’s sorting of patient names and email addresses. CCM reviewed the communications and confirmed the limited personal health information that may have been disclosed as a result of the incident and the identities of the individuals whose information was involved.
What Information Was Involved? The investigation confirmed the information present in the email to involved individuals may have included a patient’s first and last name and the care management program for which they may qualify. Social security numbers, dates of birth, mailing addresses, and other types of medical or financial information were not involved and were not disclosed.
What is CCM Doing? CCM takes this incident and the privacy and security of personal health information seriously. Upon learning of this incident, CCM moved quickly to investigate and confirm whether personal health information may have been affected by this incident, and to identify the individuals related to this information. CCM mailed written notice letters on October 17, 2019 to all potentially involved patients for whom current address information is known. CCM quickly implemented increased safeguards to verify information distributed in patient outreach campaigns, conducted additional employee training and counseling, and reviewed and updated its company policies and procedures relating to data safeguards.
What You Can Do? Although impacted individuals’ social security numbers, dates of birth and identifiers other than names were not involved, CCM encourages potentially impacted individuals to review their account statements and explanations of benefits for unusual activity, and to report any suspicious activity immediately to their insurance company or health care provider. CCM established a dedicated toll-free hotline for potentially affected individuals to contact with questions or concerns regarding this incident. For additional information, please call 1-877-514-0832 (toll-free), from Monday through Friday, 7:00 a.m. to 4:30 p.m. MT.