The theft of a laptop might have exposed health data on more than 16,000 patients at Fairview Health Services and North Memorial Medical Center, two Minnesota-based health care systems, the Minneapolis Star Tribune reports (Lerner/Kennedy, Minneapolis Star Tribune, 9/28).
Details of the Breach
The theft occurred after an employee of Accretive Health -- a revenue cycle management company working with Fairview and North Memorial -- left the laptop in a locked car on July 25 (Goedert, Health Data Management, 9/28).
Hospital officials said they waited until now to begin notifying patients about the data breach because it took time for investigators to determine what information was compromised.
Officials said the laptop was unencrypted and included data on about 14,000 Fairview patients, including:
- Birth dates;
- Social Security numbers; and
- Some medical information.
They noted that the laptop also included data on about 2,800 North Memorial patients, including:
- Medical record numbers; and
- Limited clinical information (Minneapolis Star Tribune, 9/28).
The laptop did not include any patients' credit card information.
Hospital Officials' Response
Fairview and North Memorial officials said there is no evidence that the information has been misused (Snowbeck, St. Paul Pioneer Press, 9/27).
Fairview officials noted that the hospital system and Accretive both have policies to encrypt laptops, but that the Accretive employee in question did not comply with the policy.
Fairview is offering one year of free identity theft protection and fraud monitoring services. If necessary, those affected could be eligible to receive $20,000 of identity theft reimbursement, paid for by Accretive.
In addition, Fairview officials said they plan to limit their use of Social Security numbers in the future (Health Data Management, 9/28).