in HIPAA Headlines by John Brewer

Two Medicaid managed care plans in Pennsylvania have reported that an unencrypted flash drive (thumb drive) that had PHI on 280,000 members was lost in September, according to the Philadelphia Inquirer.


Three words that should never go together.

Many of the news reports we write on here revolve around the easiest HIPAA issue to handle – encrypting flash drive.

Note: when talking about flash drives, we lump a number of portable storage devices together including:

  • External Hard Drives
  • Thumb Drives
  • Smart Phones
  • Laptops
  • Pen Drives
  • CD’s & DVD’s

If you have any of the above and plan to store PHI on them, you need to have the device encrypted.

Here are a few more notes from this mishap:

  • The drive was taken to and used at community health fairs
    • “so the data could be available as part of testing a new hardware solution and the drive was later lost in our Philadelphia office.”
  • Information on the flash drive included patient names, addresses, plan ID numbers and personal medical information
  • Only 7 members had their Social Security number on the drive – this is vaguely comforting, yet the absence of the SSN does not make this any less a disaster.

Encrypting a portable device is simple, not expensive and the only legal way to store PHI on a portable device.

About John Brewer

This author hasn't yet written their biography.
Still we are proud John Brewer contributed 177 great entries.

0 thoughts on “Info on 280,000 Lost

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *