CALIFORNIA COMPUTER STOLEN http://ehrintelligence.com/2012/08/06/computer-stolen-from-stanford-hospital-leads-to-health-data-breach/

Computer stolen from Stanford Hospital leads to health data breach

Author Name Kyle Murphy, PhD   |   Date August 6, 2012   |   Tagged Health Data Breach, Health Data Encryption, Health Data Security, HIPAA, HITECH Breach Notification Rule

The theft of a password-protected computer from a physician’s office between July 15 and July 16 has led Stanford Hospital & Clinics and the School of Medicine to notify 2,500 patients that their medical information was on the device, according to the press release issued to the media on August 2. The announcement indicates that the computer has location services software that signals its whereabouts when connected to the internet. However, officials report no detection at this time.

The protected health information (PHI) contained on the device comprises for the most part patient names, medical record numbers, and the location of their services; however, a small portion of the health data are Social Security numbers. As a result, the hospital is offering affected individuals identity protection services at no cost as well as a toll-free help line, (855) 731-6016, Monday through Friday, 6AM–6PM PST.

An investigation involving the local law enforcement is currently ongoing and has yet to reveal any information. On top of notifying patients, the hospital will review its security policies and address any measures that require revision. The hospital has notified the media but at this time has not made the release available to the public via its newsroom.

The Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule requires covered entities to report an impermissible use or disclosure of PHI, or a “breach,” of 500 individuals or more to the HHS and the media. Smaller breaches affecting less than 500 individuals must be reported to the secretary on an annual basis.