On December 21, Children’s Hospital Los Angeles and the Children’s Hospital Los Angeles Medical Group learned that a laptop had been stolen from a locked car of one of the physicians. The laptop, which contained minor children’s protected health information, was unencrypted.
According to a notification letter dated January 13, a copy of which was submitted to the California Attorney General’s Office:
The laptop may have had files on it with your child’s name, date of birth, address, medical record number and some clinical information. We have been working with law enforcement but, to date, they have been unable to find the stolen laptop.
In response to this incident, the hospital and medical group say that they are, “enhancing the encryption levels of all laptops that physicians use in the provision of care for patients.”
Parents of affected children were advised to check explanation of benefits statements or communications from health insurers carefully, although they have no evidence that the information has been used.
Update: This post was edited post-publication after receiving a copy of this notice from CHLA:
Children’s Hospital Los Angeles (CHLA) and Children’s Hospital Los Angeles Medical Group (CHLAMG) learned on Dec. 21, 2016 that a laptop stolen on Oct. 18 may have contained personal health information for nearly 3,600 patients.
The password-protected laptop was stolen from the locked personal vehicle of a CHLAMG physician who practices at CHLA. An initial investigation indicated that the laptop had been encrypted to current institutional standards. Upon additional review and historical discovery, on Dec. 21, 2016, it was determined that there was a possibility that the laptop was not encrypted. Out of an abundance of caution, the institutions are notifying patients who may have had limited information stored on the laptop which included name, address, medical record number and some clinical information.
“Following the notification regarding the burglary, an investigation took place to determine whether patient health information existed on the laptop,” says CHLA spokesman Lorenzo Benet. “Based on the investigation, the laptop has not been used to access the internet. From that information, we believe that all data may have been erased from the device without any patient data being accessed.” Additionally, a protocol has been established to erase data from the device the next time it logs onto the internet.
Impacted families will be notified by mail in the coming days. Patients and families will be instructed to carefully review their health insurance documents (including any Explanation of Benefits Statements) for signs that their health information is being misused and, should they identify anything that looks inaccurate, notify their insurance company.
Physician members of the Children’s Hospital Los Angeles Medical Group provide medical care for patients treated at Children’s Hospital Los Angeles. CHLA and CHLAMG jointly implement electronic security to protect patient data. Protocols have been established and technology is being utilized to safeguard the hospital’s equipment.
All patients who may have been affected are being proactively alerted by mail. Patients who are concerned about this notice may call 1-844-299-6983, Monday through Friday between 6 a.m. and 6 p.m. Pacific Time to find out more.