Park Ridge-based Rainbow Hospice and Palliative Care is alerting patients after a laptop computer containing patients’ personal information was stolen during a nurse’s home visit in April.
The theft occurred April 12 in Chicago, Rainbow Hospice announced publicly last week. The computer contained patient names, addresses, social security numbers, insurance information, medications, treatments and diagnoses, the health care provider said. Individuals with information stored on the computer were notified.
“The laptop was encrypted and although there is no evidence that the information has been accessed or used inappropriately, we cannot rule out the possibility and are notifying potentially affected individuals to help protect their identity,” said Rainbow Hospice’s Vice President and Chief Compliance Officer Amy Frazier in a statement released May 27. “
Read more on Pioneer Local.
It was encrypted but they notified everyone and are offering free services? Unusual.
According to the article below, the the laptop was stolen while it was on–meaning that the computer was not technically encrypted at the time of theft (sounds like they had disk encryption in place).
http://www.healthdatamanagement.com/news/encryption-breach-notification-laptop-ocr-40413-1.html
Thanks so much for pointing that out. Even when entities try to be responsible, it doesn’t always turn out well. This seems to be one of those situations in which I can actually feel sorry for the entity and give them credit for doing the right thing by recognizing that the safe harbor didn’t apply.