Urology patient security breach at Henry Ford

An employee's laptop containing unsecured personal health information was stolen from an unlocked urology medical office at a Henry Ford Health System facility on Sept. 24, the Detroit News reports. A Henry Ford spokesman would not say how many people were affected, but the system notified all male patients who received prostate services between 1997 and 2008 in letters sent out last week.

The laptop held patient information including patient names, medical record numbers, dates of birth, snail mail and e-mail addresses, telephone numbers, treatments and doctor visits. No Social Security numbers or insurance information were kept on the laptop.

Although the laptop was password protected, it did not have all the security protections required of laptops that store patient information, Meredith Phillips, Henry Ford's chief privacy officer, told the News.

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse in San Diego, Calif., said the data should have been encrypted. He speculated that the information on the stolen laptop contained data about people with diagnoses-real or potential--for prostate cancer.

Like Holy Cross Hospital in Fort Lauderdale, Henry Ford has set up a telephone hotline, and is offering one year of free credit monitoring to those patients whose information was on the laptop.

Last week, Dr. John Popovich Jr., who is president and CEO of Henry Ford Hospital, launched a CEO blog, promising to tell all, according to a press release. But nothing on his new blog has made a reference to this security breach yet. Nor does the health system's website contain any information regarding the breach. This might be the perfect opportunity for the CEO to test social media's ability to allay fears and build loyalty during a crisis.

To learn more:
- read the Detroit News article
- here's the Click on Detroit article

Related Articles:
HHS: Laptop theft is No. 1 source of health data breaches
10 Egregious patient privacy breaches
Data breaches cost your hospital $1 million a year
Easily preventable privacy breaches cost hospitals millions
Stolen ER patient data prompts hospital to offer free credit monitoring