A Kentucky hospital is notifying 5,000 patients of a data breach that occurred when computer equipment containing patient information was stolen from its mammography suite. Hospital officials reported that the information on the hard drive was not encrypted, but was maintained in a locked, non-public area.
Officials at The Medical Center at Bowling Green said the stolen equipment held the data of patients who had bone density testing done between 1997 and 2009.
Hospital officials have determined that the information on the stolen device included each patient’s full name, date of birth, address, medical record number and physician name. Some patients’ records also included information such as Social Security numbers, weight, height, and menopause age.
The hospital became aware of the theft on April 1, conducted an investigation of the incident, and reported it to the Bowling Green Police Department.
The Medical Center is allegedly following the requirements of the American Recovery and Reinvestment Act of 2009 and the Health Information Technology for Economic and Clinical Health Act, which include: notification of the U.S. Secretary of the Department of Health and Human Services; notification of patients who may have had their personal protected health information accessed by the breach; public disclosure to the local media; and posting information about the breach on The Medical Center’s Web site.