CA: Riverside County Regional Medical Center notified 563 patients about missing laptop with PHI
Here’s yet another case involving a missing (presumed stolen) laptop with unencrypted PHI that was used with a medical device, but seemingly not physically secured enough. This breach involves the Riverside County Regional Medical Center. I recently reported a similar type of breach at a VA medical center in Denver.
The following statement was posted on the hospital’s website today:
Hospital Patients Notified That Missing Laptop Contained Their Personal Information
Law enforcement investigating laptop computer missing from Riverside County Regional Medical Center
RIVERSIDE COUNTY, Ca. – Riverside County Regional Medical Center (RCRMC) has notified 563 patients that some of their personal data may have been compromised after a laptop computer was reported missing from a hospital procedure room late last week.
Riverside County Sheriff deputies are investigating the missing computer and reviewing footage from hospital security cameras in an effort to recover the computer.
The laptop contained the names, birth dates, medical record numbers, and test results for patients who recently had an electromyogram, a study that measures the electrical activity of muscles while at rest. No social security or credit card numbers, insurance information, or addresses were kept on the laptop. No other hospital computer systems were compromised.
Jan Remm, the assistant hospital administrator who oversees regulatory compliance, said RCRMC has mailed notification letters out to each of the affected patients. A toll-free phone line has been established so patients can contact hospital representatives with any concerns or questions. Patients may call 1-877-500-1255.
“Protecting sensitive patient information is a golden rule in healthcare,” Remm said. “We apologize for the inconvenience this incident has caused our patients. Right now, we are focused on minimizing current and future impacts.”
Remm said RCRMC is taking steps to minimize the risk of future incidents, by:
- Encrypting sensitive patient data
- Using locks to secure laptops to carts
- Developing advanced security access in areas where sensitive patient information is stored
Remm said hospital officials know each patient name in the stolen laptop. She encouraged any patient who believes they might be impacted by the incident to contact RCRMC immediately.
“We have no reason to believe the computer is missing because of the patient information it contained,” Remm said. “But, our job is to safeguard our patients’ privacy and that’s what we are focused on doing.”
RCRMC, located in Moreno Valley, was established in 1893 as Riverside County’s general hospital. The hospital and its clinics provide nearly half a million inpatient and outpatient visits annually.
(h/t, The Press-Enterprise)