Unencrypted laptop goes missing
Nearly 600 patients seen at UT Physicians, the medical group practice of the University of Texas Health Science Center at Houston Medical School, are being notified that their protected health information has been compromised after an unencrypted laptop was discovered missing from a UTP clinic.
The laptop, which was discovered missing Aug. 2, connected to an electromyographic machine and thus contained patient clinical myogram data in addition to patient names, birth dates and medical record numbers, UTHealth officials say.
[See also: Setback for Sutter after $1B EHR crashes.]
"UT Physicians is committed to patient privacy and deeply regrets that this incident occurred," read an Aug. 28 UTHealth notice. "The medical group and UTHealth have taken steps to ensure that the missing laptop in the orthopedic clinic is an isolated incident."
For the last two years, UTHealth and UT Physicians has had a comprehensive encryption policy in place where they encrypted all company laptops, totaling more than 5,000 laptops. Amar Yousif, chief information security officer at UTHealth, said just in the last few months, they've put a policy in place to encrypt all desktops as well. "This laptop was missed because it was not your typical laptop," Yousif told Healthcare IT News. "It was really closer to a medical device than it is to a laptop. It was a component of an EMG system, and therefore it didn't make it to the inventory as a computer."
Added Yousif, "Now, that's a bad thing of course because we missed it. But I like to think of it as a good thing as well because we now know about this vulnerability in our process."
Currently, UT Physician officials are working with law enforcement who are conducting a physical search of all clinics and offices to ensure there are no other unencrypted laptops or storage devices attached to medical equipment. They're also changing the acquisition process of medical devices, so they'll now have to review these devices to see if there is a computer attached to them, so they could encrypt that computer.
[See also: Get set: New HIPAA has teeth.]
