HIPAA Privacy and Security Reminders – UT Physicians Laptop Goes Missing

HIPAA Privacy and Security Reminders – UT Physicians Laptop Goes Missing

HIPAA Privacy and Security Reminders – UT Physicians Laptop Goes Missing

What Happened?

On August 28, 2013, UT Physicians, the medical group practice of The University of Texas Health Science Center at Houston (UTHealth) Medical School, announced that an unencrypted laptop computer containing some patient information was discovered missing on Aug. 2 from a locked closet in a UT Physicians orthopedic clinic.

What Was the Nature of the Information and How Many Individuals Were Affected?

UT Physicians reported that 596 individuals’ information was stored on the laptop. The specialized laptop computer attached to an electromyography machine included hand and arm image data from February 2010 to July 13. Patient information stored on the computer included names, birth dates and medical record numbers. There were no addresses, social security numbers, or insurance or other financial information stored on the laptop.

What Was Done to Mitigate / Remediate?

  • UT Physicians began mailing letters today to 596 patients whose information was stored on the laptop on August 28th.
  • Reportedly, encryption of all laptops has been the policy at UT Physicians and UTHealth for the last two years and all known laptops – more than 5,000 – have been encrypted.
  • The medical group and UTHealth have taken steps to ensure that the missing laptop in the orthopedic clinic is an isolated incident.
  • UT Physicians and UTHealth officials continue to work with law enforcement in their investigation.
  • UT Physicians and UTHealth are conducting a physical search of all clinics and offices to ensure that there are no other unencrypted laptops or storage devices attached to medical equipment.
  • They are tightening the processes for the purchase of medical equipment.
  • UT Physicians and UTHealth have initiated additional review processes and inventories and invested in hardware, software and personnel to ensure that all personal information on UT Physicians’ and UTHealth’s computers and hard drives is encrypted.

What Should Organizations Do Next?

  • Make sure all mobile devices containing PII and PHI (laptops, smartphones, portable USB drives, thumb drives, etc.) are encrypted
  • Ensure documented policies and procedures are in place, are being followed and reflect actual practices.
  • Implement a regular sampling audit of devices to ensure encryption is installed and operational.
  • Complete a thorough, bona fide risk analysis of all mobile devices to ensure that all threats, vulnerabilities and controls have been considered.

What Resources Are Available to You?

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Series Navigation<< HIPAA Privacy and Security Reminders – Increased Risk and Consequences of Medical Identity TheftHIPAA Privacy and Security Reminders – Protection Against Identity Theft >>

Clearwater

Clearwater helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.
Avatar
Posted in
Avatar
Clearwater
Clearwater helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI). We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.
Subscribe to our newsletter

Our monthly eNewsletter which includes industry articles and white papers that we’ve gathered for you. We’re confident you’ll find a nugget or two among them!

ocr-quality-stamp-tm-home

Clearwater-provided risk analyses have a 100% acceptance rate when submitted to the Office for Civil Rights.

About Clearwater

Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro® platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017, 2018, and 2019 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. 

Show Buttons
Hide Buttons