Washington University School of Medicine notifies surgery patients of breach
Washington University School of Medicine is notifying surgery patients of a breach:
Washington University takes seriously the protection of our patients’ health information. Regrettably, this notice is regarding a recent incident involving some of that information.
On November 29, 2012, Washington University learned that a physician’s laptop computer was stolen on November 28, 2012 from the room where the physician had delivered a lecture at a conference in Argentina. We immediately began a thorough investigation to identify the information that was on the computer. After a detailed review, we confirmed that the laptop was password protected, but it was not “encrypted,” which is a technology that scrambles the computer’s data in a way that makes it more difficult for an unauthorized user to retrieve the information. The laptop contained some information on approximately 1,100 patients, including names, dates of birth, medical record numbers, diagnoses, the types and dates of surgery, and in 39 instances, Social Security numbers. To date, the computer has not been located.
No actual medical records were on the computer and they have not been lost, so this incident does not affect patients’ or their doctors’ ability to access medical information and will not interfere with patients’ ability to receive care from their Washington University physician. Most university patients are not affected. All of the affected individuals were patients of a Department of Surgery physician from 2002 to present.
We have no reason to believe the computer was taken for the information it contained. However, out of an abundance of caution, we began notifying affected patients on January 11, 2013. We have also established a dedicated call center for patients with questions and are offering identity protection services to eligible individuals. If you believe you are affected but do not receive a letter by January 25, 2013, please call 1-888-414-8020 Monday through Friday between 8 a.m. and 5 p.m. Central time and enter the reference code 4692010712 when prompted.
We deeply regret any inconvenience this may cause our patients. To help prevent something like this from occurring in the future, we are expanding our use of encryption on portable devices and re-educating our workforce members regarding the importance of handling patient information securely.
The St. Louis Post-Dispatch broke the news.