Beebe Medical Center in Lewes, Del., recently notified 113 patients or next of kin that documents containing their name and Social Security number were stolen on January 1.

The News Journal in Wilmington reported the breach on March 3, noting that the hospital "did not disclose the security breach to the general public until news media began calling." However, provider organizations are not required to publicly report breaches that affect less than 500 individuals, although breaches of all sizes are reportable to the Department of Health and Human Services' Office for Civil Rights.

There is no mention of the breach on Beebe Medical Center's Web site. An employee of the hospital inadvertently took a briefcase that contained Medicare cost reports to Disney World during Christmas vacation and kept the briefcase in the hotel safe. But the employee's car was broken into during the return trip home and the briefcase was taken, The News Journal reports.

The hospital learned of the theft on Jan. 4. A spokesperson told the newspaper that the hospital waited seven weeks to notify patients, in part, because the chief compliance officer was on a family related leave of absence for a month. The hospital is offering affected patients a year of free credit monitoring services.

--Joseph Goedert

 

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access