A medical device that records physiological data was stolen on April 12 from SSM Health Orthopedics, which operates out of SSM Health-owned DePaul Hospital in St. Louis, potentially affecting the data of 836 patients
The organization said the medical device, which looks similar to a laptop computer, contained in its memory some physiological data as well as protected health information from patients who participated in a study between 2002 and 2017. The organization notified the patients that some of their protected health information has been compromised.
These patients had one of two electro diagnostic studies, called EMG or NCS, and the electromyography medical device recorded electrical activity in muscle tissue to assess health of the muscles and corresponding nerve cells. Compromised information included first and last names, dates of birth, medical record numbers and chief complaints. No financial, address, phone or Social Security information was compromised. SSM Health privacy specialist Mackenzie Schlotz said in a letter sent to patients that the organization does not believe patients are at risk for identity theft based on the limited data on the device.
“It is likely that the purpose of the theft was to steal the medical device, which resembles a laptop computer, and not health information,” Schlotz added. “There is no evidence to suggest that the limited health information contained on the medical device has been misused in any manner.”
SSM Health has instituted new controls, and will conduct further training of staff and management on the handling of patient information.
The organization has two previous major data breaches listed on the HHS Office for Civil Rights breach web site. In October 2013, the theft of a laptop at Janesville Hospital in Wisconsin affected 631 patients. In October 2015, an unauthorized access to paper or films at SSM Health Cancer Care in Missouri affected 643 patients.
SSM Health declined to provide more information on the most recent incident, although it did corroborate the information it sent out to affected patients by letter.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access