BREWER, Maine — Email addresses belonging to more than 1,000 patients of a Brewer medical practice were mistakenly disclosed twice Wednesday through an attempt to gather feedback about a new program.
Eastern Maine Healthcare Systems emailed 1,200 patients at the member practice, EMMC Family Medicine, with an invitation to take a survey about a new online medical records portal, the health system said early Wednesday. Recipients of the survey could view the email addresses of all the other recipients.
In attempting to rectify the disclosure, EMHS sent a second email that may have again allowed all of the recipients to see each others’ email addresses.
That information is typically shielded to protect patients’ identities, partly because many email addresses include full or partial names.
The messages contained no personal health or financial information and provided no access to that data, according to EMHS.
The emails did “not contain any other personal details other than email addresses,” EMHS said in a statement early Wednesday evening. “EMHS and EMMC are very serious about protecting patient information. We are currently determining the cause of this error and will take the necessary steps to ensure we do not share patient email addresses in the future.”
The health system is reviewing whether the disclosures violated federal regulations that protect patient health information.
EMHS sought feedback from the practice’s patients as it pilots the medical record portal, known as Blue Button. First rolled out through the Veterans Affairs department, the program has since expanded to more patients through a federal push. The tool allows patients to securely access their health data — maintained by clinicians and insurers through electronic health records — by clicking a blue button icon online. Patients also can use the tool to download their health information for their own records.