Hartford Hospital and VNA HealthCare of Connecticut are notifying almost 10,000 patients that an unencrypted laptop containing their protected healthcare information, or PHI, was stolen almost a month ago. An employee of a vendor's subsidiary was performing data analysis on the laptop at home as part of a quality improvement project when it was stolen.
Unencrypted Protected Healthcare Information
Unencrypted patient data on the stolen laptop apparently included the following:
- Names and Addresses
- Dates of birth
- Marital status
- Social Security numbers
- Medicaid, Medicare and medical record numbers
- Diagnosis and treatment information
Unencrypted PHI Violated Policy
The press release claims that not encrypting the laptop violated the vendor's company policy, but did not go into more detail as to how this was allowed to happen.
Patients Notified and Steps Taken
In response to this potential breach, Hartford/VNA are notifying affected patients and taking the following additional steps:
- Offering two years of free credit monitoring
- Establishing a call center to respond to patient questions
- Providing information about free credit reports
They also claim to be doing everything in their power "to ensure that all protected health information in use by contractors is encrypted in order to prevent any misuse of data." And they claim that the vendor has destroyed all Hartford Hospital and VNA HealthCare data currently in its possession.