Detroit-based Henry Ford Health System is notifying patients that an employee's laptop computer containing personal patient information was stolen from an unlocked urology office, the Detroit Free Press reports.
The theft occurred on Sept. 24. Federal law requires health organizations to inform patients within 60 days of identifying a security breach (Anstett, Detroit Free Press, 11/16).
Breach Details
The stolen laptop contained patient information related to prostate services administered from 1997 through 2008. Although the computer was password protected, it is possible that the data could be viewed (Burden, Detroit News, 11/15).
The laptop contained data such as patients':
- Names;
- Medical record numbers;
- Dates of birth;
- Mailing and e-mail addresses;
- Telephone numbers;
- Treatments; and
- Doctor visits.
The laptop did not contain patients' medical records, Social Security numbers or health insurance identification numbers.
Meredith Phillips, chief privacy officer of Henry Ford Health System, said the laptop "did not have the proper security protections that we require for laptop computers storing patient information."
Health System Response
Phillips said the health system plans to provide employees with additional training to improve the security of electronic health information (Greene, Crain's Detroit Business, 11/16).
Henry Ford Health System has set up a 24-hour information hotline and is offering no-cost credit monitoring to affected patients for one year (Detroit Free Press, 11/16).