Stolen laptop leads to health data breach at Apria Healthcare

By Kyle Murphy, PhD

A laptop stolen from the locked car of an Apria Healthcare employee has exposed the protected health information (PHI) of as many as 11,000 patients. The healthcare company provides home infusion, respiratory, and medical equipment in all 50 states in more than 500 locations.

According to a company press release, the theft occurred on June 14, 2012, in Phoenix, Arizona; however, its ramifications could extend to California, New Mexico, and Nevada because of the laptop’s use in billing services. A report in the Arizona Daily Star has noted that 4,178 of the approximately 11,000 patients affected reside in Arizona. The California-based company immediately notified local law enforcement and began its own internal investigations, which revealed that the PHI included Social Security numbers and names. Potentially, it also comprises dates of birth and other personal information.

In Apria’s official announcement, the company’s Associate General Counsel and Privacy Officer Doreen Bellucci revealed that the company will review its security measures. This includes encrypting laptops and other internal privacy safeguards, she told the Arizona news outlet. Apria will supply affected patients with a year’s worth of credit monitoring.

This latest incident is troubling for two reasons: first, the lack of physical safeguards; second, the lack of technical safeguards. While locks and alarms will only slow down rather than deter a dedicated thief, they don’t make up for the sheer negligence of exposing such a valuable piece of hardware to prying eyes and wandering hands. Moreover, the lack of encryption smacks of a blatant disregard for the trust patients put into providers regarding their personal and financial information.

At the very least, an entity covered under the Health Insurance Portability and Accountability Act (HIPAA) needs to put administrative safeguards in place to analyze the risks associated with PHI. This should include the education of staff to ensure that all members are aware of an organization’s safeguards.

It’s not unlikely that an employee working at multiple locations should need to carry a laptop between worksites. However, this practice should carry with it special procedures and protocols to ensure that PHI in physical transit is not unnecessarily exposed to a health data breach. Hopefully, fewer covered entities will avoid doing the bare minimum to safeguard patient information.
