Cincinnati Children's Hospital Medical Center and Park Ridge, Ill.-based Rainbow Hospice and Palliative Care have in recent days publicly notified the media and affected patients of the theft of laptops containing protected health information.

The laptop from Children's Hospital was stolen from an employee's personal vehicle at home between May 27th and May 29th. It contained information on 61,027 patients, including names, medical record numbers, and services received. It did not contain Social Security, debit/credit card or telephone numbers. The hospital has no indication that information has been misused.

Affected patients and their families are being offered a year of free identity protection services. The laptop was password protected but not encrypted; the hospital now is encrypting its other laptops.

In another data breach, an encrypted laptop belonging to Rainbow Hospice was stolen on April 12 during a nurse visit to a patient's home. It contained such information as name, address, date of birth, Social Security number, insurance information, medications, diagnoses and treatments.

While data was encrypted with no indication that it has been accessed, the hospice has notified affected patients and is offering free identity protection services. The hospice has not released the number of affected patients.

The breach notification rule authorized under the HITECH Act does not require notification when affected data is encrypted or otherwise unusable, unreadable or indecipherable because of destruction.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access