Contractor Breach Hits Two Health Systems
Two delivery systems in the Minneapolis area have notified a total of 16,800 patients about a breach of their protected health information following the theft of a laptop.
An employee of Accretive Health, a Chicago-based revenue cycle management consultancy, left the laptop in a locked car on July 25, and the laptop was reportedly stolen.
The computer contained information on approximately 14,000 patients at Fairview Health Services and 2,800 patients at North Memorial Health System. Accretive Health notified Fairview four days following the theft, reports the Minneapolis StarTribune.
Fairview patient information on the laptop included names, addresses, dates of birth, account balances, some diagnostic information, dates of service and the insurance policyholder number or Social Security number. Similar information was on the laptop for North Memorial patients, exempting Social Security numbers.
In a notification letter to patients, Fairview said the organization and Accretive Health have policies to encrypt laptops, but the Accretive employee did not follow policy. Fairview contracted with security firm ID Experts for remediation services, including patient notification, and the offering of 12 months of free identity theft protection and fraud monitoring services, and $20,000 of identity theft reimbursement if necessary, with Accretive Health paying for the services. "We have no reason to believe that any of our personal information has been misused," according to the letter to patients.
Among other policy changes, Fairview now is reducing, or eliminating where possible, use of Social Security numbers.