From their press release:
The Medical Center is currently notifying 5,418 patients of a breach of personal protected health information. The breach involves the theft of computer equipment from The Medical Center’s Mammography Suite containing information on patients who underwent bone density testing at The Medical Center between 1997 and 2009. We have no reason at this point to believe the device was stolen for the information on it or that any personal information has been released or used.
On April 1, 2010, we discovered that a piece of computer equipment had been stolen from The Medical Center Mammography Suite. Upon learning of the theft, we immediately conducted a comprehensive investigation of the incident, and the theft has been reported to the Bowling Green Police Department.
We have determined the information on the device included each patient’s full name, date of birth, address, medical record number and physician name. Some patients’ records also included information such as social security numbers, weight, height, and menopause age. The information on the hard drive was not encrypted; however, the hard drive was maintained in a locked, non-public, private area.
The Medical Center has stringent policies and procedures in place to protect patient information and takes very seriously its obligation to safeguard the personal health information of its patients. As a result of this breach, steps are underway to further strengthen the security of patient information. We will now archive data to a secure network, which will allow us to eliminate the need for use of a hard drive like the one that was stolen. Additionally, we will ensure that we do not have any other equipment configurations that utilize a portable hard drive containing non-encrypted data.
The Medical Center is following all of the requirements of the American Recovery and Reinvestment Act of 2009 and the Health Information Technology for Economic and Clinical Health Act which includes: notification of the U.S. Secretary of the Department of Health and Human Services; notification of patients who may have had their personal protected health information accessed by the breach; public disclosure to the local media; and posting information about the breach on The Medical Center’s website.
We have established a toll-free number at 1-877-338-8525 for patients with questions about this matter who live outside the Bowling Green area and who desire to talk directly with The Medical Center’s Privacy Officer. Local residents may reach The Medical Center Privacy Officer at 270-796-2100. In addition, affected patients may visit The Medical Center’s web site at www.TheMedicalCenter.org where updated information about this breach will be posted.
The full press release can be found at http://www.mcbg.org/pdf/Breachv12.pdf