The danger of unencrypted protected health information: 55,000 patients’ PHI exposed.
An Indianapolis oncology group has disclosed that data concerning about 55,000 patients was stored on a stolen laptop computer. A backup copy of the Cancer Care Group’s server was stored on the computer, which was stolen from a locked car. Among the data stored on the device were patient names, addresses, Social Security Numbers, medical record numbers, and insurance information. Several employees’ personal information was stored on the compromised device as well.
Reportedly, the Cancer Care Group is one of the largest privately-owned radiation oncology practices in the country. The practice group stated that they have begun encrypting data stored on portable devices and upgrading their data safety procedures.
This data theft is just the most recent in a long line of private health information security breaches, including several discussed here at the Health Law Sidebar.
For one, South Shore Hospital in Massachusetts settled with the Massachusetts Attorney General in May concerning the loss of unencrypted back-up material which included the protected health information of about 800,000 individuals.
Caitlin Monjeau contributed this post.