Boston's Beth Israel Deaconess Medical Center (BIDMC) recently announced that approximately 3,900 patient records were exposed when a doctor's personal laptop was stolen.
"The theft occurred May 22, hospital officials said Friday, and the stolen laptop, which contained a tracking device, has not been recovered," writes The Boston Globe's Kay Lazar. "Police were notified and a suspect has been arrested in the case, the officials said. The hospital hired a national forensic firm to investigate whether data were compromised, and it has found no indication that any information has been misused, according to the hospital."
"The health information on the computer wasn’t complete health records or social security numbers, but did include short summaries of medical information used for administrative purposes within BIDMC," writes EHR Intelligence's Patrick Ouellette. "There were also 230 administrative employee records on the laptop."
"We take the incident extremely seriously, and have now accelerated implementation of a program to assist employees with protecting devices they purchase personally," BIDMC chief information officer John Halamka said in a statement. "We deeply regret and apologize for any concern or inconvenience this situation may cause our patients and families."
"Halamka said the breach has been 'a teachable moment' that led the hospital to immediately change its encryption policies," iHealthBeat reports. "'We have said to our employees that there is now a mandatory encryption program,' Halamka said, adding, 'So any device that is used in any way with our data, whether it is patient-related or administrative, it must be encrypted.' According to Halamka, the process of encrypting an estimated 1,500 personal devices used by the hospital's 6,000 employees likely will take three months."