Healthcare Technology Featured Article

May 24, 2012

Patient Data at Children's Hospital Boston Breached Following Stolen Laptop


It happened again.

Children’s Hospital Boston has notified over 2,000 patients or their parents that their protected medical information has been breached, after the theft of an unencrypted laptop, according to a story healthdatamanagement.com.

The laptop was password-protected, but was stolen while a hospital staff member was attending a conference in Buenos Aires, according to a statement to the media. A file with patient information had been sent to the laptop as an e-mail attachment, but was not saved to the hard drive.

Hospital staff said they could not find out if the file was accessible on the laptop.

Those whose files may now be floating around on the Internet can take some comfort in knowing that no financial information or Social Security numbers were in the file, but patient names, medical record numbers, dates of birth, diagnosis, procedure and dates of surgery all were.

The hospital sent notification letters to parents and patients over 18 years of age, and said it had no indication or evidence that the information had been accessed or used inappropriately.

But sadly, this is not an isolated incident.

In Northern California, more than 4 million patient records were at risk when another laptop was stolen. A Massachusetts General employee left behind on a subway train records for patients of an infectious disease practice. An employee at Loma Linda University Medical Center who took home work-related information forced the healthcare institution to notify 1,336 patients of a possible breach of their protected health information, according to healthdatamanagement.com.

In Texas, protected health information for more than 3,000 patients at San Antonio-based Stone Oak Urgent Care & Family Practice happened to be on five computers stolen in October.

And just a month ago, medical data including social security numbers, addresses and names for thousands of Medicaid patients in Utah was hacked. Then the state discovered more names than they’d originally disclosed were at risk.

Now, as if that weren’t bad enough, the Utah Department of Health discovered that the information stayed in the state’s electronic system instead of being erased within a day – normal security protocol.

Even debt collectors are putting patients’ records in danger. Minnesota Attorney General Lori Swanson sued Accretive Health, an aggressive debt-collection agency, after an employee left behind a laptop with personal information on about 23,500 patients in a rental car last July.

And it’s all costing the healthcare industry over $6.5 billion a year, according to a recent study. Where does it end? It seems that, as convenient and helpful as electronic health records are, they have some very big drawbacks. Healthcare organizations are working hard every day now to try to put their fingers in the dyke.




Edited by Braden Becker
Get stories like this delivered straight to your inbox. [Free eNews Subscription]




SHARE THIS ARTICLE