Stolen laptop leads to health data breach at Apria Healthcare

By Kyle Murphy, PhD

A laptop stolen from the locked car of an Apria Healthcare employee has exposed the protected health information (PHI) of as many as 11,000 patients. The healthcare company provides home infusion, respiratory, and medical equipment in all 50 states in more than 500 locations.

According to a company press release, the theft occurred on June 14, 2012, in Phoenix, Arizona; however, its ramifications could extend to California, New Mexico, and Nevada because of the laptop’s use in billing services. A report in the Arizona Daily Star noted that 4,178 of the approximately 11,000 patients affected reside in Arizona. The California-based company immediately notified local law enforcement and began its own internal investigations, which revealed that the exposed PHI included Social Security numbers and names. Potentially, it also comprises dates of birth and other personal information.

In Apria’s official announcement, the company’s Associate General Counsel and Privacy Officer Doreen Bellucci revealed that the company will review its security measures. This includes encrypting laptops and other internal privacy safeguards, she told the Arizona news outlet. Apria will supply affected patients with a year’s worth of credit monitoring.

This latest incident is troubling for two reasons: first, the lack of physical safeguards; second, the lack of technical safeguards. While locks and alarms will only slow down rather than deter a dedicated thief, they don’t make up for the sheer negligence of exposing such a valuable piece of hardware to prying eyes and wandering hands. Moreover, the lack of encryption smacks of a blatant disregard for the trust patients put into providers regarding their personal and financial information.

At the very least, an entity covered under the Health Insurance Portability and Accountability Act (HIPAA) needs to put administrative safeguards in place to analyze the risks associated with PHI. These should include the education of staff to ensure that all members are aware of the organization’s safeguards.

It’s not unlikely that an employee working at multiple locations should need to carry a laptop between worksites. However, this practice should carry with it special procedures and protocols to ensure that PHI in physical transit is not unnecessarily exposed to a health data breach. Hopefully, fewer covered entities will avoid doing the bare minimum to safeguard patient information.
