Spartanburg Regional Healthcare System in South Carolina is giving very little information following a breach of protected health information that included names, addresses, dates of birth, billing codes and Social Security numbers.

A password-protected but unencrypted laptop was stolen from an employee's car on March 29. The employee was authorized to have possession of the laptop, according to a notice to patients. The notice also offers a paid year of identity and credit protection services from Kroll Inc.

The three-hospital delivery system notified patients on May 27 but is not saying how many are affected. When asked if the Department of Health and Human Services' Office for Civil Rights has been notified--which is required for breaches affecting 500 or more patients--a spokesperson would not specifically respond but says that all proper authorities have been contacted. The breach does not yet appear on OCR's public Web site listing large breaches, which stands at 278 incidents since September 2009.

Citing an ongoing investigation, the Spartanburg Regional spokesperson would not discuss enhanced security procedures being taken, whether the employee violated any policies, or which facility the employee works at. The delivery system has no evidence that data on the laptop has been misused.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access