When I goof, I goof. The other day, I posted an entry on Summit Medical Group. In that entry, I quoted from a published media source, but somehow mis-read the story and thought it concerned a laptop stolen from an employee’s car.
The breach did not involve a stolen laptop – these were paper documents, and my apologies to Summit Medical Group and my readers for my incorrect reading of the case.
That said, even documents containing PII and PHI should not be left in cars. In recent years, over 20% of breaches that come to public attention have involved paper records. While HIPAA does cover paper records, many state laws on security/data breaches do not cover such records.