Portable Data Theft - Stolen Laptop
Salina Regional Health Center
1,100 Patients Personal Data and Medical History
Governing Privacy Law or Rule - HIPAA, State Laws
Patients' personal information threatened with computer theft
Some patients of SRHC could be at risk for identity theft
By DAVID CLOUSTON
A laptop computer containing the names, social security numbers and medical history of up to 1,100 patients is missing, putting them at risk for identity theft, and Salina Regional Health Center officials are offering a $2,000 reward for the laptop's return.
The hospital's computer was stolen along with a docking station, printer, overhead projector and other computer equipment, plus a small amount of prescription drugs, from the office of Veridian Behavioral Health, 501 S. Santa Fe., Suite 300, earlier this month.
Last week, those patients whose privacy was potentially compromised received letters from the hospital, notifying them to let their financial institutions know about the threat and to be on guard for false charges, Beth Vinson, the hospital's marketing supervisor, said Sunday.
Vinson wouldn't identify the laptop's authorized user for concern that publicly identifying him could further compromise patient privacy.
The reason the patient information was stored on the machine was because the user travels to different offices to treat patients. (iQBio Commentary - Visiting Nurses or Traveling Doctors are REQUIRED to have Encrypted Data on their Laptops and secure access with a high encryption password or biometrics according to the DSHS Standards. Why was this not done? This is a violation of a FEDERAL LAW - One that is almost never enforced)
"This person has different offices to go to, and this way when he traveled to different offices, he'd have that information available to him," Vinson said.
Vinson stressed that only patients treated by the laptop user would be at risk of having their identities stolen. At the time of the theft, the computer was shut off, and the patient information is double password protected (iQBio Commentary - most passwords are simple passwords - was this a "secure password or two simple unsecure passwords?) , she said.
"At this point, there's no information that any of the information has been breached," Vinson said.
Salina Police Department officials said Sunday that none of the missing property has been recovered, and there have been no arrests made in connection with the case.
Anyone with any information on the theft may call Salina police at 826-7210, or Crimestoppers at 825-TIPS.
The hospital has given those individuals potentially affected a phone number to call to speak with the hospital's privacy officer, Donna Vineyard, about any concerns. Vineyard directs the hospital's information management department, where medical records are stored.
"We've received about 15 calls. No one has had any problems yet," Vinson said. "But we wanted to make sure that every possible method was used, so no one is the victim of identity theft."
In the meantime, she said, the hospital's security policies on the use of laptop computers are being reviewed.
There have been laptop thefts from government offices and private companies nationwide in several high-profile cases in recent years. In December, for instance, Boeing officials reported a laptop stolen containing the names and Social Security numbers of 382,000 workers and retirees. The laptop was stolen when an employee left it unattended.
"As small as computer hard drives are now, anyone could take a hard drive and walk out of any office," Vinson said. "It's going to be a problem as long as technology improves and devices get smaller.
"We do regret it happened. We're just trying to do everything possible to make sure we find the laptop and deal with those responsible."
* Reporter David Clouston can be reached at 822-1403, or by e-mail at firstname.lastname@example.org.