Rotech Healthcare recently began notifying its employees that it learned on August 30, 2013 that a former employee took a personal computer containing sensitive files with her when she stopped working at the company on November 26, 2010 (h/t PHIprivacy.net).
The files contained personal information regarding Rotech employees and their dependents, including names, addresses, Social Security numbers, carriers administering their healthcare coverage, and/or information about medical or pharmacy services received.
“Our former employee appears to have removed this personal information inadvertently,” Rotech chief privacy officer Robin L. Menchen stated in the notification letter [PDF]. “She has deleted all personal information from the device on which this information was stored, and is returning the device to us.”
“In response to this incident, we are reviewing and enhancing our information security practices and procedures to reduce the risk that someone can take electronic files containing personal information away from our premises,” Menchen added. “We are also providing additional training to all employees with access to personal information to remind them of their obligations to safeguard it and to keep it confidential.”
While the company doesn’t believe the data was misused, all those who Social Security numbers may have been compromised are being offered a free one-year membership in Experian’s ProtectMyID Alert service.