Healthcare News & Insights

Data breach: Doc’s personal laptop stolen

Think you just have to worry about your hospital’s mobile electronic devices when it comes to HIPAA security and data breaches? You’ll think differently after you hear this.

A physician’s personal laptop was stolen from a hospital office, and now Beth Israel Deaconess Medical Center (BIDMC), in Boston, is in the process of notifying approximately 3,900 patients of the potential data breach.

The computer was stolen from the physician’s office on May 22nd, and the police were notified.

Despite containing a tracking device, the computer wasn’t recovered. However, a suspect was arrested.

In addition to notifying the police of the theft, BIDMC hired a national forensic firm to investigate whether the data on the laptop was compromised. The firm’s investigation found that so far there hasn’t been any indication that the information has been misused.

Fortunately, the only medical information the laptop contained was short summaries used for administrative purposes, noted the hospital in a press release. It didn’t contain complete medical records or patient financial information, such as Social Security numbers.

Action steps

As of July 23, all patients who had their protected health information (PHI) compromised were notified through snail mail and were given a toll-free number to call.

In addition, the hospital has enhanced its physical security in office buildings and is launching a campaign to raise awareness about data security issues within the organization at all levels. For example, BIDMC now has a mandatory encryption policy that requires any device that uses patient-related or administration data in any way to be encrypted.

“We are creating depots where employees bring in their devices, and we will encrypt them on their behalf,” John Halamka, MD, BIDMC’s chief information officer, told the Boston Globe. “We will ensure that it has appropriate antivirus protection and up-to-date software patches.”

However, due to the pervasiveness of personal mobile electronic devices, this process could take up to three months.

Reason: The 6,000 employees at BIDMC’s Longwood-area medical campus own an estimated 1,500 personal electronic devices that can be used for work.

For more information on how you can keep your facility’s patient information safe and sound, read Mobile devices: 4 tips for protecting your hospital.
