Stolen Hard Drive Had Data on UCLA Patients

UCLA Health System is offering 16,288 patients credit and fraud protection services following theft during a home burglary of an external hard drive containing sensitive information.

The hard drive, taken home by a physician, was encrypted, but the password was written on a piece of paper that also went missing, according to The Los Angeles Times. Information on the drive included names, addresses, dates of birth, medical records numbers and clinical information. "No individual's complete medical record was stored on the device," according to a public notice from ULCA.

The delivery system has retained Kroll Inc. to provide identity theft consultation and restoration services, and said there is no evidence that the missing data has been accessed.

UCLA Health System, a large multi-hospital delivery system, has had several breaches of protected health information in recent years. The HHS Office for Civil Rights in July 2011 fined the system $865,000 and imposed a corrective action plan following unauthorized employee access to the information of celebrity patients.

The California Department of Public Health also fined Ronald Reagan UCLA Medical Center $95,000 for unauthorized employee access. In addition, two former UCLA health system employees have been found guilty of criminal violations of the HIPAA privacy rule's patient confidentiality regulations.

Lawanda Jackson, a 32-year employee, pleaded guilty of selling celebrity data to the National Enquirer. And Huping Zhou, a researcher, was sentenced to four months in prison for illegal access of medical records.


For reprint and licensing requests for this article, click here.