A piece of paper with the password to personal information of 16,288 patients is missing after a home invasion of a former employee. UCLA Health System on Friday notified the thousands of at-risk patients that an external hard drive containing the encrypted information was stolen in September.
Although the health system says there are no reported misuses or accessed information following the incident, the information included first and last names and may have included birth dates, medical record numbers, addresses, and medical record information. The information did not include Social Security numbers or any financial information, according to an UCLA statement.
The day after the theft, the owner of the hard drive notified UCLA Health about the event. UCLA worked with the employee to identify the affected individuals to notify them, according to the statement. The health system also reported the incident to Health & Human Services.
"UCLA Health System is reviewing its policies and procedures and will make any necessary revisions to help reduce the likelihood this will happen again. In addition, UCLA Health System will provide additional education and awareness to its workforce members regarding the appropriate methods for storing patient information," the statement said.
Earlier this year, UCLA agreed to pay a fine of $865,000 and to develop a correction action plan to settle potential HIPAA privacy violations involving improper disclosures of medical records at its three hospitals.
For more information:
- read the public notice from UCLA
UCLA Health System pays $865G to settle HIPAA violation charges
Dirty ORs threaten UCLA Medicare funds
State law mandates more data breach info
Hospital system fires 32 for peeking at EMRs
Feds to impose first civil fine ever in HIPAA case