OHSU Contacts 4,000 Surgery Patients After Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

OHSU Contacts 4,000 Surgery Patients After Data Breach

March 26, 2013
by Rajiv Leventhal
| Reprints

Oregon Health & Science University (OHSU) is in the midst of contacting approximately 4,000 patients after a laptop containing some of their personal health information was stolen. The laptop was taken during a burglary at an OHSU surgeon's vacation rental home while in Hawaii in late February.

Officials say that the computer's desktop and documents folder did not contain sensitive data; almost all of the patient information was contained within daily surgery schedules that are e-mailed to surgeons scheduled to operate in OHSU's operating rooms. Those schedules attached to e-mails were for surgeries that took place in late 2012 through February 20, 2013. Information located in those daily schedules was limited to:

  • Patient names
  • OHSU patient medical record numbers
  • Type of surgery for each patient
  • Surgery dates, times and locations (limited to surgeries in late 2012 through Feb. 20, 2013)
  • Patient gender
  • Patient age
  • Name of the surgeon and anesthesiologist

In addition, OHSU security investigators determined that a small number of the approximately 5,000 emails stored on the laptop contained Social Security numbers for a total of 17 patients, who are being offered free identity theft monitoring.

Officials said encryption was required only for laptops used for patient care. Because the laptop in question was purchased and used for research purposes, it was not encrypted. In an effort to prevent similar issues in the future, OHSU recently enacted even more stringent encryption requirements.

"OHSU believes cash and physical items were the target of the burglars, not the data within the e-mail program on the computer. In addition, based on our analysis of the kind of data on the computer, we believe there is little to no ID theft risk for almost all the patients involved,” Ronald Marcum, M.D., OHSU's chief privacy officer and director of OHSU's Integrity Office, said in a statement. "However, in the interest of patient security and transparency and our obligation to report unauthorized access to personal health information to federal agencies, we are contacting all impacted persons.”

OHSU sent letters to the affected patients late last week. Patients who were impacted should receive letters in the mail within a week.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

MGMA: Physician Compensation Data Illustrates Nationwide PCP Shortage

Primary care physicians’ compensation rose by more than 10 percent over the past five years, representing an increase which is nearly double that of specialty physicians’ compensation over the same period, according to the Medical Group Management Association (MGMA).

Circulation, Buoy Health Collaborate on Integrated Platform for Patient Transportation

Boston-based startup Circulation Health, a ride-ordering exchange that coordinates medical transportation logistics using Lyft and other transportation partners, is partnering with Buoy Health, also based in Boston, to integrate their platforms to provide patients with an end-to-end healthcare experience.

HITRUST Provides NIST Cybersecurity Framework Certification

The Health Information Trust Alliance (HITRUST), security and privacy standards development and accreditation organization, announced this week a certification program for the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (Framework).

Report: Interoperability in NHS England Faces Similar Barriers as U.S. Healthcare

Electronic patient record interoperability in NHS England is benefiting patient care, but interoperability efforts are facing barriers, including limited data sharing and cumbersome processes falling outside of the clinician workflow, according to a KLAS Research report.

Geisinger National Precision Health Hires Illumina Exec to Lead Business Development

Integrated health system Geisinger has hired a high-profile genetic counselor to head up business development for Geisinger National Precision Health, which was created to extend the Geisinger model on the national scene.

$30M VC Fund Launched to Spur Innovation in Cardiovascular Care

The American Heart Association, together with Philips and UPMC, has announced the launch of Cardeation Capital, a $30 million collaborative venture capital fund designed to spur healthcare innovation in heart disease and stroke care.