Unencrypted protected health information was on a laptop stolen in a home invasion at a physician’s home.
In addition to a short statement posted to the DeanCare web site, Dean Clinic and St. Mary’s Hospital in Wisconsin also issued a press release, reproduced on NBC15’s web site:
On November 8, 2010, we received a report that a personal laptop computer containing information for a specific group of patients was stolen from a Dean Clinic physician in a home invasion robbery. The theft was reported to the police and immediately investigated.
We are sorry this happened and want to provide pertinent information concerning the occurrence along with the steps we are taking to minimize any potential impact.
We have identified 3,288 patients who may have been affected. We are notifying each of the patients or their guardians by letters mailed December 18, 2010. Care was received at Dean and St. Mary’s Hospital or the St. Mary/Dean Surgery & Care Center.
Upon our own thorough investigation and our attempts to identify the affected patients, we determined that the information on the laptop included some protected health information relating to a surgical procedure. The information was limited to the patient’s name, date of birth, medical record number, name of procedure and related diagnosis, date of service and, in some cases, pathology data. The laptop did not contain any Social Security numbers, addresses, phone numbers, credit card numbers, or financial information of any kind.
[…]
A support site concerning the breach was created by ID Experts at http://www.yourpatientprivacy.com