BIDMC Works With UCSF To Notify Patients Of Potential Breach
Limited identifying information on recovered laptop
Date: 1/27/2010
BIDMC Contact: Kelly Lawman
Phone: 617-667-7305
Email: klawman@bidmc.harvard.edu
BOSTON – Beth Israel Deaconess Medical Center has been working with the University of California San Francisco over the last few weeks and is in the process of notifying patients of a breach of patient data on a laptop computer that was stolen from a former BIDMC employee who left to work at UCSF.
The computer has been recovered and the files have been returned to BIDMC.
“A thorough review by our Information Services Department determined that the files contained limited identifying information but no Social Security numbers or financial information,” said John Halamka, MD, BIDMC’s Chief Information Officer.
Although there is no indication that further unauthorized access or use of the personal information has actually taken place, BIDMC is alerting approximately 2,900 patients about the incident.
“BIDMC takes these matters very seriously and is committed to maintaining the privacy of all patient information,” said Halamka. “We are grateful that no Social Security numbers or financial information was released. As soon as we were notified, the medical center began an investigation to understand the nature of the breach in anticipation of remediation and providing a formal notice to the Department of Health and Human Services.”
“BIDMC continually tests and modifies its systems and aggressively enhances practices to secure sensitive information, and we are reviewing those systems and our policies again now. BIDMC is also providing re-education to staff to ensure that all mobile storage devices are secured and understand appropriate access to protected health information,” continued Halamka.
Affected patients have been given access to state and federal resources, a toll-fee telephone number (888) 753-6533 and a direct BIDMC line – (617) 667-1897 – had been established for those with additional questions.
A copy of the USCF press release appears below.
LAPTOP WITH PATIENT INFORMATION STOLEN FROM UCSF EMPLOYEE
A laptop containing files with patient information was stolen from a UCSF School of Medicine employee on or about November 30, 2009. UCSF is in the process of alerting approximately 4,400 patients that their protected health information is vulnerable to access as a result of the incident.
The UCSF Police Department was notified and began an investigation on December 1. The laptop was recovered in Southern California on January 8, 2010.
A review conducted by UCSF Enterprise Information Security determined that the files contained limited data for some UCSF patients relating to their treatment at UCSF Medical Center in 2008 and 2009. It also was determined that the employee had uploaded some files from a prior employer, Beth Israel Deaconess Medical Center in Boston, and these files contained some BIDMC patient data.
The information potentially exposed included name, medical record number, age and clinical information. The laptop did not contain any Social Security numbers or other financial data.
Although there is no indication that unauthorized access to the files or the laptop actually took place, UCSF and BIDMC began sending out notifications to patients in January 2010.
UCSF is committed to maintaining the privacy of personal information and takes many precautions for the security of that information. In response to incidents such as this, UCSF is continually modifying its systems and practice to enhance the security of sensitive information.
UCSF has established a toll-free number (1-877-809-1270 ext. 74005) for those with questions.
