Barnabas Health of New Jersey has sent notification letters to 1,100 pediatric specialty center patients explaining that their data may have been compromised as a result of an unencrypted laptop being stolen on Sept. 24, 2013.
In a sample notice (originally posted on December 18) forwarded to PHIPrivacy.net, Barnabas explained that the laptop was stolen from its Pediatric Specialty Center, then located in Livingston, New Jersey, and it detected the breach the same day. The laptop, which was attached to pulmonary function testing (PFT) equipment, has yet to be recovered and there was patient data included on its hard drive. This data included electronic versions of forms with PFT results, which generally included name, date of birth, actual PFT results, other general demographic patient information, the name of the physician and technician and the date the PFT was performed, according to the statement.
Not included were addresses, financial information or insurance or other identification numbers. But Barnabas still asked patients to review all account statements closely and to immediately report anything suspicious to the applicable insurer and/or the authorities.
Despite this theft, we have no evidence that any personal information has been improperly accessed or misused. Print outs of these PFT forms are on file to ensure continuity of care and accessibility by the treating physician. After a thorough investigation, measures are being implemented to avoid similar incidents in the future, including directives against the use of unencrypted laptops, and a review of applicable safeguards. Employees of the Center were retrained on various patient privacy and security obligations and policies….Barnabas Health Medical Group sincerely regrets this unfortunate incident and considers the security of patient information to be of utmost importance.
As we head into 2014, hopefully healthcare organizations are more diligent in their encryption practices going forward.