URMC notifies patients of possible privacy breach

The University of Rochester Medical Center (URMC) has sent letters to patients seen by one of its surgeons over the last three years, alerting them to the possibility that their personal health information may be at risk.

Earlier this week, URMC notified 837 current and former surgery patients that one of the doctors who cared for them misplaced a USB computer flash drive that contained protected health information on a set of his patients. The physician used the flash drive to transport information he used to provide follow-up care. The information was copied from other files and so its loss will not affect follow-up care for any patients.

Because the surgeon is unsure exactly which patients’ information was included on the drive, URMC is taking the extra precaution of alerting all of the patients he has seen over the last three years. URMC says that it is highly unlikely that information on all 837 patients was contained on the drive.

The information on the device did not include addresses or social security numbers. However, it did include patients’ names, date of birth, diagnoses, first appointments and surgery dates, and other information about the patients’ illnesses.

Read more on WHEC. As of the time of this posting, I do not see any notice on URMC’s web site linked from their home page.

Really. How hard would it be to download and install a free encryption program such as True Crypt so that all of the data on the drive would have been encrypted?

About the author: Dissent