Belmont, MA July 28 – McLean Hospital announced today that it is notifying individuals related to a privacy incident involving information maintained as part of a research program. This incident did not involve any patient information from McLean’s medical records system.
On May 29, 2015, McLean learned that four backup data tapes related to the Harvard Brain Tissue Resource Center (HBTRC) at McLean were missing. McLean immediately began an investigation and also conducted a thorough search of its facilities in an effort to locate the tapes. The investigation determined that the backup data tapes, which were unencrypted, contained information on individuals associated with the HBTRC in various capacities, including deceased tissue donors, individuals who registered as potential donors, and, in some instances, their family members. The information contained on the tapes included names, dates of birth, diagnoses, and, in some cases, Social Security numbers.
McLean is committed to the security of all of the sensitive information that it maintains and is taking this matter very seriously. The hospital immediately took action to help ensure an incident like this does not occur again. Although to date it has been unable to locate the missing backup data tapes, McLean has no reason to believe that any of the information on the backup data tapes has been accessed or used inappropriately. It would take specialized software, equipment, and technical expertise in order to access the information on the tapes. However, as a precaution, McLean began mailing notification letters to affected individuals on July 28, 2015, and has established a dedicated call center to answer any questions they may have.
McLean has implemented new procedures relating to the security of its HBTRC research backup tapes, including encryption of all new HBTRC backup tapes going forward and enhancements to its process for the handling and storage of HBTRC backup data tapes.
For additional information about this incident, please visit the McLean website at www.mcleanhospital.org/privacy.
McLean Hospital is the largest psychiatric affiliate of Harvard Medical School and a member of Partners HealthCare. For more information about McLean, visit mcleanhospital.org or follow the hospital on Facebook or Twitter.
SOURCE: McLean Hospital
HealthITSecurity reports that the incident potentially affected 12,600 individuals.
The incident is not yet posted on HHS’s public breach tool. Under HITECH’s provisions, if the breach was discovered May 29, it should be reported by today even if it took time for McLean to determine whose data and what types were on the backup tapes. That said, it may already have been reported but hasn’t yet been uploaded by HHS’s web team. We’ll have to see when it was reported after it appears.