- In alerting 858 patients that their paper records had been stolen from a doctor’s vehicle on December 27, Saint Francis Hospital and Medical Center was able to let them know of the breach quicker than many other organizations. But there are still questions as to why the unsecured records were in the car in the first place.
According to NBC Connecticut, the records were stolen from independent contractor physician Bindu Vanapalli’s car in New Haven, Conn. and included patient names, dates of birth and medical record numbers. Saint Francis, located in Hartford, Conn., said the records did not contain Social Security numbers, financial information or addresses.
Since the breach, Saint Francis has stated that it has implemented internal information safeguards will provide patients with up to two years’ worth credit monitoring for the 858 patients. As in other breach instances, it would be helpful to learn more about its plans to improve physical safeguards. One step may be to prevent physicians, especially those who are contracted, from holding physical records and transport them. Keeping track of digital records can be cumbersome enough, let alone knowing the whereabouts of paper records. While nothing is perfect, cases such as this provide a reminder that EHR systems do have certain privacy and security benefits (assuming there’s encryption involved).
Like other organizations that have experienced breaches, Saint Francis said the breach was a violation of policy and it doesn’t have evidence that there have been attempts to gain inappropriate access to patient data. “Our goal has always been to help ensure adequate safeguards are in place to protect our patients’ confidentiality. Education of our staff has already been completed and we are evaluating other opportunities to strengthen our compliance program,” John Rodis, M.D., executive vice president and chief operating officer and chief physician executive, said.