The California-based Retinal Consultants Medical Group website says it offers patients “uncompromising care,” but a compromise of data is exactly what patients got after a laptop containing sensitive client information was stolen.
How many victims? Unknown.
What type of personal information? Name, date of birth, gender, race and optical coherence tomography images – all unsecured.
What happened? An investigation is ongoing, but the laptop was stolen after the office was closed.
What was the response? The theft was reported to the local police department. A letter dated July 31 was mailed to affected patients alerting them of the breach. The company is increasing the physical security of imaging and other equipment stored at its offices, increasing the interior and exterior security of its offices, and requiring additional information when confirming a patient's identity on the phone. Additional (though undisclosed) steps are being taken to secure laptop data.
Details: Employees discovered on June 7 that the laptop, a component of a diagnostic imaging machine, was stolen sometime after the offices closed on June 5. An investigation is ongoing.
Quote: “As a result of our investigation we are not aware of any unauthorized use of the PHI [protected health information] by an unauthorized individual, or that the PHI was actually acquired or accessed,” privacy official Chris Mentink said.
Source: retinalmd.com, “Important HIPAA Breach Notification for our Patients,” July 31, 2013.