HIPAA, Patient Privacy, Healthcare Data Security BYOD
St. Anthony’s nursing home reports 2,600-patient data breach

St. Anthony’s nursing home reports 2,600-patient data breach

Author | Date September 3, 2013

St. Anthony’s nursing home suffered a 2,600-patient data breach on July 29 when a laptop computer and flash drive with protected health information (PHI) were stolen from a doctor’s car.

According to stltoday.com, the laptop held patient names, birth dates and potentially medical records, but did not contain Social Security numbers or any financial information. The car theft looked to be inadvertent, according to the ongoing police investigation. The St. Anthony’s doctors’ group is mailing notices to affected patients. The report did not state whether either of the devices were encrypted or even password-protected.

North Dakota amends breach notification law

North Dakota has altered its state breach notification law to now include medical and health insurance information, according to lexology.com.

North Dakota’s changes include HIPAA covered entities, business associates, or subcontractors exemptions under the condition that they’re compliant  with breach notification requirements under title 45, Code of Federal Regulations, subpart D, part 164. These new rules were effective Aug. 1, 2013 and the North Dakota joined California, Texas and Missouri as states that include health information as part of their data breach notification statutes.

North Dakota also added “unauthorized use of . . . an individual’s health insurance policy number or subscriber identification number or any unique identifier used by a health insurer to identify the individual” to the list of prohibited acts under its identity theft statute, said lexology.com.

Related Resources:


Sign up for our free HealthITSecurity.com newsletter and stay up to date with tips and advice on:

  • BYOD
  • Data Security
  • VDI
  • Cloud Security

no, thanks

Our privacy policy