Data on 4,000+ patients on stolen laptop
- Laptop stolen from UCSF containing files with information on 4,400 patients
- Patients are being alerted that their information is vulnerable to access
"...Information “potentially exposed” included name, medical record number, age and clinical information, but the stolen laptop did not contain any Social Security numbers or other financial data, officials said. “Although there is no indication that unauthorized access to the files or the laptop actually took place,” UCSF said, both UCSF and another affected medical center began sending out notifications to patients this month....
...Officials said late Wednesay that it took some time to determine what information was on the missing laptop, and then to find addresses for affected patients. "UCSF then promptly began notifying patients, a process that requires a precise and meticulous set of steps, determining, for example, the status of patients -- whether they are living or deceased, whether they are minors requiring parental notification, whether they have new addresses. This process has been carried out in coordination with the UCPD investigation and recovery efforts," officials said in an emailed statement...."
Categories: Healthcare Tags: Stolen laptop, UCSF
Best practices for mobile device data encryption at HIPAA covered entitites
Patient data was copied for 2,900 patients to an employee's thumb drive at BIDMC. The employee left that organization and went to a new one (UCSF). The employee loaded that data onto a laptop at the new organization to demonstrate quality improvement reporting. That laptop was stolen. Both organizations have potential HIPAA violations to worry about based on this person's actions. Some best practices:
- Policies should require that all mobile storage devices be secured
- Encrypt all mobile devices including laptops
- Educate employees on how to protect privacy
- Sanction employees who violate policies
- Implement technologies that find transfers of medical data (especially in an unencrypted form). This should include both transfers across the network and via physical devices such as USB thumb drives, iPods, etc.
Categories: Healthcare Tags: Encryption, HIPAA, Mobile, Stolen laptop, USB lost
Medical information for 10,000 compromised after two breaches
Medical information for 10,000 compromised after two breaches. SSN, birth date, immunization records. Stolen laptop and stolen flash drive.
Categories: Healthcare Tags: Credit Monitoring, Michigan, Stolen flash drive, Stolen laptop