Electronic Health Records


Stolen laptop leads to health data breach at Apria Healthcare

By Kyle Murphy, PhD

- A laptop stolen from the locked car of an Apria Healthcare employee has exposed the protected health information (PHI) of as many as 11,000 patients. The healthcare company provides home infusion, respiratory, and medical equipment in all 50 states in more than 500 locations.

According to a company press release, the theft occurred on June 14, 2012, in Phoenix, Arizona; however, its ramifications could extend to California, New Mexico, and Nevada because of the laptop’s use in billing services. A report in the Arizona Daily Star has noted that 4,178 of the approximate 11,000 patients affected reside in Arizona. The California-based company immediately notified local law enforcement and began its own internal investigations, which revealed that PHI included Social Security numbers and names. Potentially, it also comprises dates of birth and other personal information.

In Apria’s official announcement, the company’s Associate General Counsel and Privacy Officer Doreen Bellucci revealed that the company will review its security measures. This includes encrypting laptops and other internal privacy safeguards, she told that Arizona news outlet. Apria will supply affected patients with a year’s worth of credit monitoring.

This latest incident is troubling for two reasons: first, the lack of physical safeguards; second, the lack of technical safeguards. While locks and alarms will only slow down rather than deter a dedicated thief, they don’t make up for the sheer negligence of exposing such valuable piece of hardware to prying eyes and wandering hands. Moreover, the lack of encryption smacks of a blatant disregard for the trust patients put into providers regarding their personal and financial information.

  • What does big data mean for health IT?
  • Are Medical Residents Spending Too Much Time on EHR Use?
  • Transatlantic ultrasound marks new territory for telehealth
  • Order sets: How to stay current with systematic reviews
  • Ronny Jackson Withdraws as Presidential VA Secretary Nominee
  • ONC unveils dashboard for health IT data
  • Handful of EHR Systems Achieve 2015 ONC Health IT Certification
  • AMIA Details Value-Based Care Health IT Infrastructure Needs
  • Meaningful use of big health data
  • AHA Gives Recommendations for ONC Interoperability Advisory
  • How could cost prevent health IT from driving patient engagement?
  • Is ONC EHR Certification Headed in the Wrong Direction?
  • How Is Advanced Pediatric EHR Use Improved via Innovation?
  • Meaningful Use Audits, Hospital Acquisitions Bring Hurdles
  • Details Coming on Electronic Health Records Certification
  • EHR improves preventive care with PHR
  • What Changes will MIPS, MACRA Bring for Clinical Quality Reporting?
  • popHealth: A free tool for measuring meaningful use
  • Congress expected to vote on potential ICD-10 delay
  • Epic Systems Tops Cerner as Top-Used Physician EHR Vendor
  • DOD moves forward with possible EHR replacement pick
  • CVS, Epic Systems team up to bring EHRs to retail clinics
  • How to Properly Implement Patient Portals for Meaningful Use
  • 3 Hospitals Sign onto Mercy SaaS for Epic EHR Implementation
  • Rural Physician Practice EHR Adoption Surpasses Urban Areas
  • MIPS Requirements for Physicians Under Proposed MACRA Rule
  • Mostashari defends planned EHR vendor certification fee
  • Experts comment on need for CDS standards
  • Health IT job market maintains a positive outlook
  • Mass. HIE takes a detour, considers HISP-HISP approach
  • Groups weigh in on SGR repeal plans, Medicare payment freeze
  • Meeting Meaningful Use Requirements for Transitions of Care
  • Standardizing Adverse Drug Reaction Data in EHR Documentation
  • Two states making use of health information exchange funds
  • Texas Health Information Exchange Receives EHNAC Accreditation
  • ONC seeks public input on consumer eHealth strategy
  • DeSalvo delivers first remarks to Health IT Policy Committee
  • CMS Proposes 90-Day Reporting Period for 2016 Meaningful Use
  • $23 billion EHR market will continue growth with replacements
  • Health IT Standards, Interoperability to Gain Traction in 2017
  • ONC, CMS to Take Part in Provider Data Accuracy Alliance
  • Return of Annual Updates to ICD-10 Code Set Begin Oct. 1
  • How do patient portals improve the coordination of care?
  • EHRs and the worsening diabetes epidemic
  • “Process breakdowns” threaten patient safety, despite EHRs
  • AMA supports SGR repeal, merit-based incentive system
  • What does safe harbor mean for health IT?
  • Independent docs not optimistic about accountable care, EHRs
  • Former Allscripts CEO moves into mHealth with new startup
  • CHIME Suspends 2-Year National Patient ID Challenge Initiative
  • New ONC research on health information exchange now available
  • Fueling the Fast Healthcare Interoperability Resource
  • EHR adoption has little effect on Medicaid costs, says study
  • Will ONC shakeup affect mHealth ruling from FDA?
  • Developing the Cerner EHR Technology through Acquisition
  • EHNAC and NH-ISAC Align on Health Information Protection
  • EHR Adoption Rate, Meaningful Use Continue To Challenge HHS
  • Should EHR use be a condition of medical licensure?
  • Mayo Clinic Offers Symptoms Assessment Tool in Epic EHR
  • Wake Forest’s Epic woes continue with slashed worker raises
  • Ensuring Your EHR System Meets MACRA Requirements in 2017
  • Work by Providers, Payers Needed to Advance Healthcare APIs
  • What does the Stage 1 Meaningful Use deadline really mean?
  • EHR implementation: Defining and achieving your ideal workflow
  • EHR Companies Deny Data Blocking, Defend Interoperability Fees
  • EHR Implementation Gaffes Leave Calif. Hospital Cash-Strapped
  • Nephrology HIE Adoption Leads to Improved Care Coordination
  • The Week Ahead in Health IT Interoperability: Nov. 9-15
  • What the 3M Healthcare Data Dictionary means to interoperability
  • Epic Trails in Black Book Ranking of Inpatient EHR Vendors
  • Physicians Seek MIPS Changes, Reduced Administrative Burden
  • Colorado behavioral health exchange receives grant to expand
  • IOD Inc. connects with Social Security through MiHIN Gateway
  • Data migration can leave your information vulnerable
  • Why Prioritizing Usability Effects Better Ambulatory EHR Use
  • Surescripts Makes Record Finding Service Free to EHR Vendors
  • Pennsylvania Medicaid earning its stripes
  • VA announces new plan to clear claims backlog by 2015
  • After Huge Q2, Health IT VC Funding Drops by Half to $956M
  • EHR implementation timeline for hospitals
  • Self-care medical device market to near $17 billion in 2019
  • HIE adoption: Value of resolving user pain points at IHIE
  • Factors in physician compensation in 2012
  • CMS: We intend to set ICD-10 date for October 1, 2015
  • Survey: Patients should have access to PHI – but not all of it
  • Mass. Home Care Agencies Partner for HIT Adoption Initiative
  • Providers Still Facing Health Information Exchange Barriers
  • Technical requirements for practices in meaningful use
  • Who’s responsible for resolving EHR-HIE interoperability?
  • 40% of Physicians See More EHR Challenges than Benefits
  • Allscripts Debuts Machine Learning, Cloud-Based EHR System Avenel
  • What does the RAND study really say about EHR adoption, cost savings?
  • Cigna launches three new accountable care organizations
  • Stage 2 Meaningful Use clinical quality measures for eligible hospitals
  • AHIMA: Higher reimbursements don’t necessarily mean fraud
  • OR Behavioral Health Center Adopts Carequality Using Netsmart EHR
  • High rural REC enrollment, partnerships help EHR adoption
  • Effect of Meaningful Use on Hospital EHR Functionality
  • Accountable care requires more health IT than just EHRs
  • Study Raises Doubts about Clinical Documentation Accuracy
  • At the very least, an entity covered under the Health Insurance Portability and Accountability Act (HIPAA) needs to put administrative safeguards in place to analyze the risks associated with PHI. It should include the education of staff to ensure that all members are aware of an organization’s safeguards.

    It’s not unlikely that an employee working at multiple locations should need to carry a laptop between worksites. However, this practice should carry with it special procedures and protocols to ensure that PHI in physical transit is not unnecessarily exposed to a health data breach. Hopefully, fewer covered entities will avoid doing the bare minimum to safeguard patient information.

    Browse the latest EHR, MeaningfulUse and ICD-10 White Papers and Guides 

    Related Articles:

    Summer of the Health Data Breach continues
    • Computer stolen from Stanford Hospital leads to health data breach
    • Hartford Hospital and VNA HealthCare report health data breach
    • Northwestern Memorial announces theft and health data breach




    Sign up to continue reading and gain Free Access to all our resources.

    Sign up for our free newsletter and join 60,000 of
    your peers to stay up to date with tips and advice on:

    EHR Optimization
    EHR Interoperability
    EHR Replacement

    White Papers, Webcasts, Featured Articles and Exclusive Interviews

    Our privacy policy

    no, thanks

    Continue to site...