In October 2011, I noted that HHS had added an incident to the breach tool for which I could find no additional information:
“Diversified Resources, Inc.”,GA, 863, 8/11/2011, Theft, Laptop
On September 4, 2014, HHS added a summary to the entry, indicating that its investigation is now closed:
“Diversified Resources, Inc.”,GA,””,863,08/11/2011,Theft,Laptop,09/04/2014,”
A password protected, but unencrypted laptop computer was stolen from a nurse’s car. The laptop contained the electronic protected health information (ePHI) for 863 individuals receiving services from the covered entity (CE), Diversified Resources, Inc. The ePHI involved in the breach included names, addresses, phone numbers, primary care physicians’ names, caregiver contacts, and social security numbers. The CE provided breach notification to HHS and affected individuals. Following the breach, CE reviewed its policies and procedures, applied employee sanctions, retrained its workforce, and improved safeguards by requiring file-level encryption. Pursuant to technical assistance provided by OCR, CE implemented additional administrative safeguards, including a new policy prohibiting employees from leaving laptops unattended in a vehicle.”