Medical College of Wisconsin: Possible HIPAA Violations

by | Mar 4, 2015

The Medical College of Wisconsin has release a statement revealing that a data breach suffered has affected approximately 400 of its patients.

WDJT Milwaukee, an affiliate of CBS, was contacted on Feb 28, 2015 by a spokesperson for the Medical College of Wisconsin advising of a breach which exposed some confidential information of its patients. The breach happeneded on February 15, 2015, when a document and a laptop computer were taken from a physician’s car. The document contained sensitive information relating to approximately 400 patients. The laptop is understood only to have contained the information of a solitary patient.

It is not obvious exactly what information was stored on the laptop computer or in document at this time; although MCW has confirmed that no Social Security numbers or patient addresses were stolen.

Despite legislation that requires data encryption to be addressed, the healthcare industry has been slow to respond and use data encryption on its desktop workstations, laptop computers and other portable storage devices. Data encryption ensures that if a device is stolen, no information can be accessed by unauthorized people. When it is not used, a laptop theft can access the data of thousands, if not hundreds of thousands of patient records.

HIPAA does not require data encryption, only that it be addressed. If a similar level of protection can be supplied by other means, healthcare organizations are entitled to use these instead.

At The Medical College of Wisconsin, data encryption and other security controls are used in accordance with HIPAA regulations, yet these have been bypassed by a doctor.

The statement said, “Firm policies are in place prohibiting the downloading of patient information to portable media, as well as the secured transport of documents containing patient information.” It added “A violation of these policies occurred on February 15, 2015, resulting in the theft of a document containing private information on approximately 400 patients, as well as information stored on a laptop computer pertaining to one patient.”

All affected patients are now being contacted to advise them of the breach and the information that has been obtained illegally, and also to warn them to the possibility that their information may be used inappropriately. The Medical College of Wisconsin has also confirmed that it has now taken action to prevent further breaches of this nature from happening.

It is clear that a privacy violation has happened, although at this stage it is unknown to what extent HIPAA violations have occurred and who is to blame. suggest that the data on the laptop was not encrypted, which violates the privacy policies on the company website which state that electronic protected information (EPI) must be encrypted at all times.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy