The loss of an unencrypted handheld Palm device in the Continuum Home Infusion unit of the University of Virginia Medical Center has resulted in a data breach of protected health information and notification of patients and potential patients.

The device had information on patients who received home infusion services during September 2012 or who were referred to Continuum for services from August 2007 through September 2012.

The university learned on Oct. 5 that the device went missing around that date, according to statements to patients and the media. Information on the device included names, addresses, diagnoses, medications, and insurance identification numbers that included “some” Social Security numbers. No financial information was on the device.

A spokesperson says a total of 1,846 patients or potential patients were affected. The hospital declines to specify how many Social Security numbers were involved, releasing this statement to Health Data Management: "Even though we do not believe that this device has been accessed by anyone, we prefer not to publicize the number of Social Security numbers that were on the device out of an abundance of caution to help protect the patients whose information was on the device".

The hospital will pay for one year of credit monitoring services for those with compromised Social Security numbers, according to the spokesperson.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access