Health Information Management

Breach round-up: Theft of unencrypted laptops exposes PHI

HIM-HIPAA Insider, October 21, 2013

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Three separate organizations recently reported the theft of unencrypted laptops, which resulted in the disclosure of PHI of numerous patients. Let’s take a look at each case:

  • Santa Clara Valley Health and Hospital System (SCVHHS) in California notified an unknown number of patients of a breach of PHI September 27, according to a letter posted on the State of California Department of Justice Office of the Attorney General website. On September 16, the hospital system discovered an unencrypted laptop was stolen from the audiology department, according to the letter. The letter said the laptop contained patient names, medical record numbers, dates of birth, ages, genders, dates of service, and brainwaves from testing. The hospital took corrective action, instructing the compliance and privacy officer to speak with department heads to ensure employees follow policies and procedures, and providing appropriate training and education to employees, according to the letter.
  • St. Mary’s Janesville Hospital in Janesville, Wisc., notified 629 patients that their PHI might have been compromised when an unencrypted laptop was stolen from an employee’s car, according to a statement on the hospital’s website. The password-protected laptop may have included patient names, dates of birth, medical record and account numbers, provider and department of service, bed and room number, date and time of service, visit history, complaint, diagnosis, procedures, test results, vaccines, and medications, of patients who visited the hospital’s emergency department January 1 to August 26, 2013, according to the statement. The hospital notified HHS of the breach, but did not list any corrective actions in its statement.
  • Hope Family Health in Westmoreland, Tenn., notified 8,000 patients that their PHI might have been compromised when an unencrypted laptop was stolen August 4 from the home of an employee in the hospital’s finance department, The Tennessean reported. The laptop contained patient names, dates of birth, and Social Security numbers, according to The Tennessean. The laptop was fingerprint and password protected, according to the newspaper. Following the breach, the hospital moved all PHI to an encrypted server, The Tennessean reported.  

This article originally appeared on HCPro’s HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular