This release just in from Brigham and Women’s Hospital:
Brigham and Women’s Hospital Notifies 638 Patients of a Potential Data Breach
Device containing patient information lost
Boston, MA – An external hard drive belonging to a Brigham and Women’s/Faulkner Hospital (BW/F) physician was lost on June 21, 2011. BW/F has sent letters to notify the 638 patients whose medical information may have been on the device.
The following information related to inpatient hospital stays from July 10, 2009 to January 28, 2011, may have been present on the device: patient name, medical record number, dates of admission, medications and information about diagnosis and treatment. The information did not contain Social Security numbers, insurance numbers or other financial account information.
“BW/F takes the privacy and security of our patients’ information very seriously. We are taking steps to reduce the risk of such events occurring in the future, including addressing the incident specifically with those involved, reviewing and augmenting our policies and procedures, and enhancing our training regarding technical safeguards required on external hard drives that may contain sensitive data, as well as limiting the amount of data stored on such devices,” said Sue Schade, BW/F’s chief information officer.
“It is fortunate that no Social Security numbers or financial information were included in the information that was lost. We have no knowledge that the information on this device has been accessed. However, as a precaution, we are offering affected patients identity protection services,” said Schade. “We apologize for any inconvenience and deeply regret any concern this situation may cause our patients.”
Patients who require additional information, or have questions can call toll free at 877-694-3367.
I’m immediately cast back to the last big news story about a data breach: Those Massachusetts General Hospital records that were left on a subway. They included records of HIV patients. The hospital ultimately agreed in February to pay $1 million to settle claims that it had violated patient privacy. That story is here.
What baffles me is that both Mass. General and the Brigham have some of the most advanced electronic medical record systems around. Personally, at this point I’d say I’d rather have my records in the cloud than on an external hard-drive: I’m less afraid of hackers than of absent-minded staffers…