Boston Children’s Hospital has notified patients of a potential breach of protected health information (PHI) as a result of a stolen laptop computer. The computer was in the possession of a Boston Children’s staff member attending a conference in Buenos Aires. According to Boston Children’s, the laptop was password protected but not encrypted. It contained patient information, which had been sent to the laptop as an email attachment.
The file include patient name, medical record number, date of birth, diagnosis, procedure and date of surgery for 2159 patients. The hospital says there was so patient financial data or Social Security numbers involved. Even though the file was not saved to the laptop’s hard drive, it was still on the laptop in the email attachment at the time of the theft. After extensive review and investigation, Boston Children’s staff was unable to determine whether or not the file was accessible on the laptop.
“Boston Children’s takes this incident and the protection of protected health and personal information extremely seriously,” Daniel J. Nigrin, M.D. CIO and senior vice president for Information Service, said in a statement. “We take great measures to ensure that Protected Health Information is never inadvertently released, and we are undertaking additional steps to prevent breaches such as this in the future. We deeply regret and apologize for any concern or inconvenience this situation may cause our patients and families.”
Patient and families have been notified of the data breach by mail.