Electronic Health Records


Stolen laptop leads to health data breach at Apria Healthcare

- A laptop stolen from the locked car of an Apria Healthcare employee has exposed the protected health information (PHI) of as many as 11,000 patients. The healthcare company provides home infusion, respiratory, and medical equipment in all 50 states in more than 500 locations.

According to a company press release, the theft occurred on June 14, 2012, in Phoenix, Arizona; however, its ramifications could extend to California, New Mexico, and Nevada because of the laptop’s use in billing services. A report in the Arizona Daily Star has noted that 4,178 of the approximate 11,000 patients affected reside in Arizona. The California-based company immediately notified local law enforcement and began its own internal investigations, which revealed that PHI included Social Security numbers and names. Potentially, it also comprises dates of birth and other personal information.

In Apria’s official announcement, the company’s Associate General Counsel and Privacy Officer Doreen Bellucci revealed that the company will review its security measures. This includes encrypting laptops and other internal privacy safeguards, she told that Arizona news outlet. Apria will supply affected patients with a year’s worth of credit monitoring.

This latest incident is troubling for two reasons: first, the lack of physical safeguards; second, the lack of technical safeguards. While locks and alarms will only slow down rather than deter a dedicated thief, they don’t make up for the sheer negligence of exposing such valuable piece of hardware to prying eyes and wandering hands. Moreover, the lack of encryption smacks of a blatant disregard for the trust patients put into providers regarding their personal and financial information.

  • The clock is ticking on EHR incentives
  • Most Clinicians Lack Mobile Clinician Decision Support Tools
  • CMS Clarifies Flexibilities After ICD-10 Compliance Deadline
  • HRSA requests comment on rural EHR, HIT adoption
  • Debating Role of EHR Use in Behavioral Health Integration
  • Ten tips for extending patient engagement beyond the clinic
  • Developing a Specialty-Specific Action Plan for ICD-10
  • OSEHRA & EHR: Finding value in open source EHR
  • CMS: We intend to set ICD-10 date for October 1, 2015
  • A Successful EHR Implementation Is About More Than Go-Live
  • Allscripts files complaint after failed NYC bid
  • CMS announces three weeks of ICD-10 acknowledgement testing
  • Michigan HIE Enables State Immunization System Queries
  • Fee-for-Service Reimbursement Limits Telehealth Adoption
  • CMS Answers FAQ on EHR Incentive Program Hardship Exceptions
  • CIO series: Preparing for Stage 2 Meaningful Use
  • Hawaii HIE will improve patient care in East Hawaii
  • Stephen Fletcher is fired for health data breach in Utah
  • Work Begins on Precision Medicine Healthcare Data Standards
  • More Health IT Interoperability Criticism of #Cures2015 Bill
  • Hardship Exemption for Meaningful Use Requirements Due July 1
  • Ventura Country approves millions for EHR training
  • ONC explores Blue Button access for immunization records
  • Analyzing a doctor’s dissenting opinion on EHR value
  • How Stage 3 MU Concerns Impact EHR Incentive Programs
  • Mapping Tool Impacts Analytics during ICD-10 Transition
  • Analytics can help you gain value from the data in your EMR
  • New Jersey Overpays $2.3M in Medicaid EHR Incentive Payments
  • How Primary Care Health IT Use Spurs Quality Improvements
  • MGMA: ICD-10 delay would increase time for testing, standards
  • AHIMA: Half of providers plan to go ahead with ICD-10 anyway
  • More than 76% of dentists access EHRs during patient visits
  • Wake Forest has another rocky quarter after EHR implementation
  • AAFP: SGR Changes to Meaningful Use May Be an “Improvement”
  • Two million-dollar studies target heart health via health IT
  • Can Medical Device Interoperability sSave $30 Billion per Year?
  • Can EHR data calculate a useful risk score for readmissions?
  • Compliant versus complaint in the clinic experience
  • UnitedHealthcare invests in rural healthcare EHR
  • True Interoperability Needs Health IT Standards, Use Cases
  • $16.3B bill will expand VA, send veterans to outside providers
  • Finding the value in HIE, IT integration will push adoption: Q&A
  • EHR Certification Standards Allow Health IT Design to Evolve
  • Do Delays in ICD-10 Implementation Teach the Wrong Lesson?
  • Physician Series: Clinical documentation best practices
  • Survey: 1/3 of healthcare workers to pursue new jobs in 2013
  • Senate to Recommend Pausing “Dreaded” Stage 3 Meaningful Use
  • Physician EHR Use, Workload Trumping Face Time with Patients
  • Health Data Exchange, Interoperability Requirements of MIPS
  • Louisiana Medicaid EHR Incentive Program overpaid $3.1 million
  • Nurses Call for Greater Device and EHR Interoperability
  • AHA on Medicare Cuts: Don’t Do More with Less, Just Do Better
  • NextGen CMO named to EHR Association Executive Committee
  • Surescripts joins Carequality health data exchange initiative
  • Healthcare fraud leads to enrollment moratoria in hot spots
  • New VA Clinics Open with Telehealth Front and Center
  • Why EHR adoption doesn’t mean the end of paper in healthcare
  • ONC Clarifies Health IT Interoperability Under HIPAA
  • Recent Agreements to Extend Cerner EHR, RCM Technology
  • First step to successful EHR use is evaluating paper workflow
  • Stage 2 Meaningful Use EHRs may not be fully interoperable
  • Bloated healthcare costs raise EHR concerns
  • CMS Promotes Meaningful Use Quality Measures, ICD-10 Prep
  • What HIMSS14 revealed about changes to ONC EHR certification
  • Report shows ACO growth, unsure future
  • MD Anderson Epic Implementation Led to Financial Decreases
  • CMS Extends Electronic Clinical Quality Measures Deadline
  • VA gets $567 million for telehealth services in 2015 budget
  • NY Tech CEOs Support Budget Approval for HIE Adoption
  • Vanderbilt launches challenge to transform patient summaries
  • What does the Stage 1 Meaningful Use deadline really mean?
  • How the Integrated Epic EHR/PM System Handles Reporting
  • Patient engagement isn’t always easy, but it’s worth it: Q&A
  • How Surescripts Approaches Patient Safety Improvements
  • Lessons learned in Meaningful Use Stage 1: REC Q&A
  • Exploding 6 Myths of Health IT Interoperability
  • SGR Repeal Aims to Require Widespread EHR Interoperability
  • 3 Hospitals Sign onto Mercy SaaS for Epic EHR Implementation
  • Allscripts First to Offer 2015 Edition Certified EHR Technology
  • Nine examples of EHR best practices
  • MACRA Raises Need for EHR Optimization, Other Improvements
  • EHR, clinical decision support help identify autism earlier
  • EHR nightmares: Why treating EHRs like paper records fails
  • CMS Updates Schematrons for Hospital Quality Reporting for CQMS
  • NIH Clinics Receive Stage 7 HIMSS Award for EHR Adoption
  • 3 Actions “Critical” to Advancing Healthcare Interoperability
  • ICD-10 prep still plagued by manpower, data integrity issues
  • Study: Ongoing EHR tech support is necessary to improve quality of care
  • Unlocking EHR Systems, Advancing Health IT Interoperability
  • ONC, Louisiana celebrate Crescent City Beacon Community
  • HIPAA Changes to Help Patient Access to Health Information
  • Tips for Overcoming Health Information Exchange Challenges
  • Developing physician EHR adoption strategies: CIO series
  • Healthcare CIO expects interoperability in 2014
  • Slavitt Addresses How MACRA Implementation Supports Medicare
  • mHealth heats up, but will smartphone medicine leave you burned?
  • More on the federally funded MA HIE
  • What Medicare costs could EHR use help cut?
  • How does meaningful use impact a Stage 7 ambulatory setting?
  • HIE best practices: Keeping data safe
  • At the very least, an entity covered under the Health Insurance Portability and Accountability Act (HIPAA) needs to put administrative safeguards in place to analyze the risks associated with PHI. It should include the education of staff to ensure that all members are aware of an organization’s safeguards.

    It’s not unlikely that an employee working at multiple locations should need to carry a laptop between worksites. However, this practice should carry with it special procedures and protocols to ensure that PHI in physical transit is not unnecessarily exposed to a health data breach. Hopefully, fewer covered entities will avoid doing the bare minimum to safeguard patient information.

    Browse the latest EHR, MeaningfulUse and ICD-10 White Papers and Guides 

    Related Articles:

    Summer of the Health Data Breach continues
    • Computer stolen from Stanford Hospital leads to health data breach
    • Hartford Hospital and VNA HealthCare report health data breach
    • Northwestern Memorial announces theft and health data breach




    Sign up to continue reading and gain Free Access to all our resources.

    Sign up for our free newsletter and join 60,000 of
    your peers to stay up to date with tips and advice on:

    EHR Optimization
    EHR Interoperability
    EHR Replacement

    White Papers, Webcasts, Featured Articles and Exclusive Interviews

    Our privacy policy

    no, thanks