OT: Stolen medical data

Siri Amrit Kaur tigerflag at tigerflag.com
Wed Sep 7 09:23:07 MST 2005 

On Tuesday 06 September 2005 08:16 pm Kevin Brown kindly wrote:
> > My husband just found out today that several laptop computers
> > containing medical data, including social security numbers, were
> > stolen from his doctor's office. His data was on the stolen
> > computers. The laptops belonged to the company that manufactured
> > his hip implant. Company reps were at the doctor's office
> > reviewing, and apparently collecting, patient data.
> >
> > I am really steamed. What kind of idiots put sensitive data on
> > easily stolen computers? Everybody, it seems. I have to call them
> > tomorrow and try to find out if the data was encrypted. It
> > probably wasn't.
>
> The kind that need to be able to access the data from places other
> than sitting behind their desks.  My cousin is a doctor and they
> are utilizing tablet PCs for data entry and retrieval while talking
> with patients.  This allows them to be able to fill out forms once
> and then have them synced up to the server.  Reduces paper used in
> the office and makes things easier on the staff to retrieve.
>
> > In compensation, they gave him a free year with a credit
> > monitoring / ID-theft prevention service, but we're not
> > satisfied. We're always told to safeguard our SS#, but every Tom,
> > Dick and Harry insists on having it, and then they give it away
> > to strangers and fail to protect it! Is there anything we can do
> > to try to protect him, and to punish these idiots?
>
> They insist on it because it is a "unique" identifier that even
> Uncle Sam recognizes as being "you".  IIRC, it used to be illegal
> for anyone other than HR at your current employer to have that
> number, but it slowly got used for other things by the government
> and then in the private sector.

I just found out that this data was stolen way back in January. 
Supposedly, according to HIPAA, it was the doctor's responsibility to 
notify his patients, but because his office didn't do it, the other 
company just did. 

I asked them why they felt they needed patients' SS#. Their lame 
response was so that if they ever needed to send out a recall notice, 
they could search the Social Security death records so they wouldn't 
accidentally contact a dead person.

More information about the PLUG-discuss mailing list