Stolen laptop contained unencrypted information from 500 patients
Clinical Pathology Laboratories Southeast, with six offices in Florida, Georgia and South Carolina, has notified about 500 affected patients after an unencrypted laptop issued to an employee was stolen last September.
The laptop contained protected health information on patients and their payment guarantors, which could be insurers or other persons besides the patient with financial responsibility for payment.
Following the theft, access of the laptop to the organization’s network was disabled, and a forensic examination was conducted to identify data at risk.
Compromised information on the laptop included patient names, addresses, driver’s license numbers, government identification numbers, medical record numbers, Social Security numbers and medical treatment information.
Since the theft, Clinical Pathology Laboratories Southeast has installed encryption on information systems and networks, updated data security policies and procedures, and retrained staff, all of which are routine improvements that the HHS Office for Civil Rights, which enforces the HIPAA privacy and security rules, expects to be implemented.
HHS continues to remind healthcare organizations that encryption is a highly effective way to avoid data breaches, and the time and resources that are spent cleaning up a breach. If a properly encrypted device that contains protected health information is lost or stolen, there is no data breach and no need to report the incident, the agency notes.
Now, however, affected patients of Clinical Pathology Laboratories Southeast have been notified and offered credit monitoring and identity theft protection services from ID Experts. Patients also have received information on how to monitor and protect their personal information.