PHI of 660 Patients Exposed Due to Missing Device

Feb 3, 2018

660 patients of Eastern Maine Medical Center are being notified that some of their protected health information may have been exposed after a portable hard drive that stored sensitive information went missing from its State Street facility in Bangor, ME.

The device in question lacked encryption, and data on it could be obtained without the need for a password. It has not been confirmed that the device was stolen, but it could not be found during a search of the facility. The drive was last seen in its normal place on December 19, 2017, and was discovered to be missing on December 22.

This device belonged to a business associate of Eastern Maine Medical Center and stored limited patient data. No Social Security numbers, financial information, or health insurance particulars were present on the device, only full names, birth dates, dates of service, medical record details, one-word condition descriptors, and procedural pictures.

The patients affected by the breach had attended the medical center for cardiac ablation procedures between January 3, 2011 and December 11, 2017. Not all patients who attended the medical center for those procedures were impacted. Some patients had their data stored in other places.

The possible theft has been reported to law enforcement, and investigations into the circumstances of the loss or theft of the hard drive are ongoing. A comprehensive search of the facility was completed; the device has now been officially classified as lost, and patients are being made aware of the breach by mail.

The delay in issuing breach notification letters was due to the time needed to search the facility and find out which patients’ PHI was saved on the device.

Although the types of data needed to commit identity theft were not exposed, all patients affected by the incident have been offered free identity theft monitoring and protection services for one year out of “an abundance of caution”.

Donna Russell-Cook, President of Eastern Maine Medical Center, commented, “We take our commitment to uphold our patients’ privacy very seriously and are reviewing our processes to strengthen data security.”

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations.