Laptop Breaches Hit Hospital, Hospice
Cincinnati Children’s Hospital Medical Center and Park Ridge, Ill.-based Rainbow Hospice and Palliative Care have in recent days publicly notified the media and affected patients of the theft of laptops containing protected health information.
Cincinnati Children's Hospital Medical Center and Park Ridge, Ill.-based Rainbow Hospice and Palliative Care have in recent days publicly notified the media and affected patients of the theft of laptops containing protected health information.
The laptop from Children's Hospital was stolen from an employee's personal vehicle at home between May 27th and May 29th. It contained information on 61,027 patients, including names, medical record numbers, and services received. It did not contain Social Security, debit/credit card or telephone numbers. The hospital has no indication that information has been misused.
Affected patients and their families are being offered a year of free identity protection services. The laptop was password protected but not encrypted; the hospital now is encrypting its other laptops.
In another data breach, an encrypted laptop belonging to Rainbow Hospice was stolen on April 12 during a nurse visit to a patient's home. It contained such information as name, address, date of birth, Social Security number, insurance information, medications, diagnoses and treatments.
While data was encrypted with no indication that it has been accessed, the hospice has notified affected patients and is offering free identity protection services. The hospice has not released the number of affected patients.
The breach notification rule authorized under the HITECH Act does not require notification when affected data is encrypted or otherwise unusable, unreadable or indecipherable because of destruction.
--Joseph Goedert
The laptop from Children's Hospital was stolen from an employee's personal vehicle at home between May 27th and May 29th. It contained information on 61,027 patients, including names, medical record numbers, and services received. It did not contain Social Security, debit/credit card or telephone numbers. The hospital has no indication that information has been misused.
Affected patients and their families are being offered a year of free identity protection services. The laptop was password protected but not encrypted; the hospital now is encrypting its other laptops.
In another data breach, an encrypted laptop belonging to Rainbow Hospice was stolen on April 12 during a nurse visit to a patient's home. It contained such information as name, address, date of birth, Social Security number, insurance information, medications, diagnoses and treatments.
While data was encrypted with no indication that it has been accessed, the hospice has notified affected patients and is offering free identity protection services. The hospice has not released the number of affected patients.
The breach notification rule authorized under the HITECH Act does not require notification when affected data is encrypted or otherwise unusable, unreadable or indecipherable because of destruction.
--Joseph Goedert
More for you
Loading data for hdm_tax_topic #reducing-cost...