On May 10, Indiana University Health Arnett began notifying some of its patients that their personal data may have been exposed when an employee's password-protected laptop was stolen from the employee's car a month earlier, on April 9, 2013 (h/t PHIprivacy.net).
According to Arnett, e-mails stored on the laptop may have contained patient names, birthdates, medical record numbers, diagnoses, dates of service and physicians' names. The Lafayette Journal and Courier reports that the laptop contained information on a total of 10,300 patients.
Arnett says the laptop did not hold any patients' Social Security numbers, financial information or medical records.
"We apologize for any inconvenience this may cause you," Arnett said in a statement. "Arnett takes very seriously its obligation to keep the information it maintains secure and we appreciate the trust that you place in us. Arnett is reviewing its policies and procedures to minimize the chance of such an incident occurring in the future. In addition, Arnett has mandatory privacy and security training for all of its workforce members."
While there's no indication that the data on the laptop was accessed, Arnett is notifying affected patients as a precuation. Patients with questions are advised to call (888) 722-0627.