Wednesday, December 17, 2014

Huge loss of patient data at Jefferson

On Friday, Thomas Jefferson University Hospital in Philadelphia notified 21,000 patients that a laptop computer containing their unencrypted personal data including names, birth dates, insurance information and social security numbers was stolen from an office at the hospital on June 14. Data also lost on medical residents and fellows at Cooper University Hospital in Camden, N.J. Last yest patient information on stolen laptop from Children's Hospital of Philadelphia.

Huge loss of patient data at Jefferson

On Friday, Thomas Jefferson University Hospital in Philadelphia notified 21,000 patients that a laptop computer containing their unencrypted personal data including names, birth dates, insurance information and social security numbers was stolen from an office at the hospital on June 14.

The laptop was password-protected; Still, the data could be accessed since it was not encrypted as required by the hospital. Jefferson has written letters to each of the effected patients and hired Kroll Inc. to conduct an internal investigation and provide identify theft protection and ongoing monitoring.

Jefferson’s president and chief executive, Thomas J. Lewis, urged all the patients who get the letters from him to use the individual id codes and activate the identity theft protection by Kroll.

“As upsetting it is for me, I know it is even more upsetting for the people who have gone through it and I am really sorry that they have to deal with this,” Lewis said in an interview. 

More coverage
 
Site offers directory of 100 million Facebook users

Since the computer was reported missing, Lewis said the hospital has engaged in a broad review of its policies and procedures to “try to make it fool-proof that this can’t happen again at Jefferson.”

That involved fixing flaws in the system that enabled the data to be moved from the hospital’s computer system to the employee’s laptop. The employee violated hospital policy by copying the data, and would be subject to “appropriate action,” Lewis said.

He declined to go into specifics of the personnel action.

So far, Jefferson has not been notified that any of the personal information has been accessed or used inappropriately, but Lewis emphasized that it was critical for the patients to activate their Kroll identity theft protection as soon as possible.

A similar loss of private patient information occurred last December at Children’s Hospital of Philadelphia when an employee’s laptop computer containing data including social security numbers on 942 patients was stolen from a car parked at the employee’s home.

On Tuesday, Cooper University Hospital in Camden reported that a flash drive containing social security numbers, addresses and phone numbers of medical residents and fellows was missing.

“The hospital is conducting a thorough investigation and has initiated an aggressive plan to protect any personnel who could be affected by this potential security breach,” Cooper said in a statement.

The problem of personal data being lost or stolen from hospitals extends across the nation. 

On July 20, South Shore Hospital in South Weymouth, Mass. reported that computer files containing 14 years of personal, health and financial information of patients, vendors, employees and others “may have been lost by a professional data management company.” An estimated 800,000 people were potentially affected by that loss.

To check out more Check Up items go to www.philly.com/checkup.

About this blog

Check Up covers major health events in our region and offers everything from personal health advice to an expert look at health reform. Read about some of our bloggers here.

For Inquirer.com. Portions of this blog may also be found in the Inquirer's Sunday Health Section

Michael R. Cohen, R.Ph. President, Institute for Safe Medication Practices
Daniel R. Hoffman, Ph.D. President, Pharmaceutical Business Research Associates
Latest Health Videos
Also on Philly.com:
Stay Connected