Statement issued by University of Oklahoma College of Medicine – Department of Obstetrics & Gynecology on July 2, 2015:
OU Physicians is committed not only to providing quality care, but also to the proper handling and protection of its patients’ information. As part of its commitment to patient privacy, and out of an abundance of caution, OU Physicians is sending letters to certain individuals to notify them of a potential privacy matter.
On the June 12, 2015, OU Physicians learned that a laptop had been stolen from a physician’s car earlier that day. The laptop had a list of information on it related to two groups of individuals. For one group of individuals, the information included full name, medical record number, date of birth, age, the name and date of a gynecologic or urogynecologic medical procedure, patient account number, and admission and discharge dates for that procedure (if the procedure was an inpatient procedure). Social Security numbers and credit card numbers were not included. Addresses were not included. These individuals had gynecologic or urogynecologic procedures at the OU Outpatient Surgery Center or the Presbyterian Tower between January 1, 2009, and December 31, 2014. The information for other group of individuals included last name and first initial, age, and information related to pregnancy, such as lab results and medications, delivery date, and problem and allergy list. Social Security numbers, credit card numbers, and birth dates were not included. Addresses were not included. These individuals were inpatients for high risk delivery or pregnancy services at OU Medical Center from approximately September 24, 2014, to May 31, 2015.
The physician immediately contacted the local police; to date, they have been unable to recover the laptop. The police will notify the physician if the laptop is recovered.
OU Physicians is not aware of any misuse of any of the information or of any actual access to any of the information. However, OU Physicians takes the matter seriously, so it is notifying the individuals affected by letter. For those individuals who believe it is necessary and, as an extra measure of security, OU Physicians will provide a one-year subscription to credit monitoring and reporting services.
The University of Oklahoma is continuing to review this situation and is taking additional steps to prevent similar incidents from occurring, such as providing additional training to workforce members and revising certain procedures governing the protection of electronic information. Individuals who believe they may be affected and who have not yet received a letter may contact the University’s Office of Compliance at 405-271-2511 or toll-free at 1-866-836-3150.
According to HHS’s public breach tool, 7,693 patients were affected by the breach.