- Auditing company Seim Johnson recently reported a potential healthcare data breach that could affect over 30,000 individuals.
Nebraska-based Community Hospital might be one of the affected facilities, as it announced earlier this week that it had received a notification letter from Seim Johnson that a stolen laptop may have contained patients’ personal information.
According to a McCook Gazette report, Community Hospital receives auditing services from Seim Johnson. The hospital was informed that a Seim Johnson employee laptop was stolen in Nashville, Tennessee in December, 2015. While it is Seim Johnson policy to install encryption and passwords on devices, an investigation revealed that it was likely the encryption was not functioning when the laptop was taken.
Potentially exposed information likely includes patient names, a personal identifier such as a patient account number, and medical record number or visit number. Social Security numbers may also have been on the laptop for a few cases. However, credit card information was not included.
"Any patients who were potentially impacted by this situation have received letters from Seim Johnson notifying them of the event," Community Hospital Director of Health Information Management and Privacy Officer Rachel Berry told the news source. “"We are not aware of any activity that would make us believe the information has actually been accessed or viewed on the stolen laptop computer."
Moreover, Community Hospital is taking more precautions in verifying an individual's identity before disclosing extra personal, medical, or financial information, according to Berry.
At the time of publication, Seim Johnson did not have a notification on its website, Community Health did not state how many of its patients specifically were affected by the stolen laptop. However, the OCR data breach reporting tool lists 30,972 individuals as being affected by the incident.
Other recent cases of potential data breaches included incidents of stolen devices and unauthorized employee access.
Texas patients notified of possible breach eight months later
Some patients in the Abilene, Texas area were recently notified of a potential healthcare data breach nearly eight months after a laptop containing PHI was stolen.
Oceans Acquisitions, Inc. announced that a laptop was taken from an employee’s car on April 9, 2015. However, it was only recently discovered in an “unrelated systems review” that PHI may have been on the device.
“In May 2015, Oceans validated that all portable devices and laptops have encryption technology active and in use,” explained a statement on ReporterNews.com. “While there is no indication the personal information has been acquired or used, free identity protection resources are being provided to individuals who may have been impacted.”
Oceans reported that patient names, dates of birth, medical record numbers, diagnoses, payer information and admission dates might have been on emails contained in the laptop. However, Social Security numbers and bank account information were not included in the emails.
Health system employee terminated for unauthorized PII access
Florida-based Jackson Health System announced on its website that it had terminated an employee after it was found that she may have stolen confidential patient information.
According to Jackson Health, former hospital unit secretary Evelina Reid may have stolen confidential patient information including names, dates of birth, Social Security numbers, and home addresses over the last five years. Jackson Health is continuing to work with local law enforcement to investigate the alleged incident.
“Jackson Health System is committed to patient confidentiality,” the statement reads. “The safety and security of our patients is top priority. In order to protect our patients’ rights and private information, we enforce strict rules for those who handle patient information.”
The hospital added that currently “in the process of acquiring and implementing a more robust security system to monitor access to patient records.” Employees are also regularly educated on privacy rules and regulations, according to Jackson Health.
Hospital officials told the Miami Herald that approximately 24,000 patient records may have been inappropriately accessed.