Children’s Hospital Boston has notified 2,159 patients or their parents of a breach of protected health information following the theft of an unencrypted laptop.

The laptop, which was password-protected, was stolen while a hospital staff member was attending a conference in Buenos Aires, according to a statement to the media. A file containing patient information had been sent to the laptop as an e-mail attachment, but was not saved to the hard drive. Hospital staff could not determine if the file was accessible on the laptop.

No financial information or Social Security numbers were in the file, but it included patient name, medical record number, date of birth, diagnosis, procedure and date of surgery. The theft occurred on March 25 but the hospital did not learn of it until April 9. The hospital is enhancing its security training.

In notification letters to parents and patients over 18 years of age, the hospital said it had no indication or evidence that the information had been accessed or used inappropriately.

For your consideration: The role of data forensics following a breach of PHI

The hospital is not providing credit and identity theft protection services, since no financial information or Social Security numbers were compromised, according to a hospital spokesperson. Under a Massachusetts law, a breach is considered identity theft if it involves a first and last name or first initial and last name, plus one or more of a Social Security number, driver’s license number, state ID card number, or financial account, debit or credit card number, says the spokesperson.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access