Beth Israel Deaconess Medical Center (BIDMC) in Boston is in the process of notifying approximately 3,900 patients of a potential breach of protected health information (PHI) as a result of a physician's stolen personal laptop computer.
The computer was stolen from the office of a BIDMC physician on May 22. The computer, which contained a tracking device, has not been recovered nor has the tracking device been activated.
In addition to notifying law enforcement, which arrested a suspect in the theft, BIDMC engaged a national forensic firm to investigate whether data were compromised.
There has been no indication that any information has been misused. The laptop contained files that included short summaries of medical information used for administrative purposes within BIDMC, but did not contain complete medical records and did not contain patient financial information such as Social Security numbers. The stolen laptop also contained approximately 230 administrative employee records.
“We take the incident extremely seriously, and have now accelerated implementation of a program to assist employees with protecting devices they purchase personally,” said John Halamka, MD, BIDMC’s CIO. “We deeply regret and apologize for any concern or inconvenience this situation may cause our patients and families.”
BIDMC has enhanced physical security in office buildings and mounted a campaign to raise awareness about data security issues within the organization at all levels. The facility also announced plans to notify affected patients through the U.S. Postal Service and provide them with a toll-free telephone number.