In January, when Premier Healthcare discovered a laptop holding protected health information had been stolen, the situation looked bleak for the large group practice in Bloomington, Ind.

Information on the laptop was not encrypted, and about 206,000 patients needed to be notified; nearly 1,800 of those patients would have had their Social Security numbers or financial information at risk. That would have resulted in the practice having to offer identity protection services, a costly charge on top of other breach-related expenses.

But in a fortunate turn of events, the laptop was returned by mail to the provider during the first week of March, the organization recently announced. A forensic investigation by security firm Pondurance found the laptop had not been powered on since it went missing, and further analysis found no evidence that information on the computer was ever accessed, according to a Premier Healthcare statement.

Also See: Stolen laptop puts information on 206,000 patients at risk

Still, damage has been done. Premier Healthcare notified patients of the theft, which costs money and negatively affects an organization’s reputation with its patients. It’s not clear whether Premier had started efforts to offer identity protection services to patients, a breach response action that can be expensive and fluctuates based on the level of insurance coverage. Premier Healthcare did not respond to requests for more information.

Because of the circumstances of the case and the evidential proof, the breach is deemed to have not occurred. If forensics proves there was no acquisition, access, use or disclosure of protected health information, then there is no breach, says Tom Walsh, president at tw-security. “It is an information security incident and should be reported and recorded as such internally,” he says.

Further, Premier Healthcare likely is a far more secure organization now, having embarked after the breach to encrypt all computers and tighten security policies.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access