John Muir Hospital in Walnut Creek, CA had 2 laptops stolen that contained personal and health information on 5,450 patients.
As is required, the Hospital sent letters to all 5,450 patients telling them of the theft.
John Muir Health vice president and privacy officer, Hala Helm, says the laptops were password-protected and contained data in a format that would not be readily accessible.
A password required to log in to the laptop will only protect you a little.
This is probably why they are claiming the data would not be “readily accessible”.
Of course, if this were really true, they wouldn’t be concerned.
What should they have done?
- Not had data stored on a laptop or portable device…
- If it was deemed absolutely necessary to store this data on a laptop, the laptop hard drive should have been encrypted…
- If this were the case, HIPAA Safe Harbor would cover this incident since none of the data on the laptop would be readable.
It is so easy to do this right…it is flabbergasting that a hospital can’t get their act together.