Electronic Health Records


Stolen laptop leads to health data breach at Apria Healthcare

By Kyle Murphy, PhD

- A laptop stolen from the locked car of an Apria Healthcare employee has exposed the protected health information (PHI) of as many as 11,000 patients. The healthcare company provides home infusion, respiratory, and medical equipment in all 50 states in more than 500 locations.

According to a company press release, the theft occurred on June 14, 2012, in Phoenix, Arizona; however, its ramifications could extend to California, New Mexico, and Nevada because of the laptop’s use in billing services. A report in the Arizona Daily Star has noted that 4,178 of the approximate 11,000 patients affected reside in Arizona. The California-based company immediately notified local law enforcement and began its own internal investigations, which revealed that PHI included Social Security numbers and names. Potentially, it also comprises dates of birth and other personal information.

In Apria’s official announcement, the company’s Associate General Counsel and Privacy Officer Doreen Bellucci revealed that the company will review its security measures. This includes encrypting laptops and other internal privacy safeguards, she told that Arizona news outlet. Apria will supply affected patients with a year’s worth of credit monitoring.

This latest incident is troubling for two reasons: first, the lack of physical safeguards; second, the lack of technical safeguards. While locks and alarms will only slow down rather than deter a dedicated thief, they don’t make up for the sheer negligence of exposing such valuable piece of hardware to prying eyes and wandering hands. Moreover, the lack of encryption smacks of a blatant disregard for the trust patients put into providers regarding their personal and financial information.

  • 92% of Nurses Dissatisfied with EHR Technology, Health IT
  • CPEHR: Professional certification for EHR
  • Hospitals Seeing Opportunities to Integrate Workflows
  • DeSalvo praises Vermont for HIE infrastructure efforts
  • NC Medicaid payment system subject of class action lawsuit
  • Regenstrief to Develop Automated Patient EHR Matching Solution
  • Effective Patient Engagement Strategies Using Health IT
  • Health plan certification compliance to impact providers
  • Survey: EHR, HIT adoption growing among North Dakota’s rural providers
  • Specialists want registries to count towards meaningful use
  • CMS Extends eCQM Deadline for EHR Incentive Programs
  • Lack of resources, HIE integration are barriers to vaccine reminders
  • Studies show EHR, CPOE provide positive ROI long term
  • EHR Optimization a Focus of Upcoming ICD-10 Updates
  • Congress raises concerns about HHS handling of RAC program
  • Pew Calls on VA to Prioritize Health Data Exchange, Safety
  • GAO Calls for VA to Adopt Commercial EHR, VA Likely to Do So
  • GAO: Lack of data standards foils EHR interoperability, HIE
  • Allscripts sues HHC, Epic over major EHR contract
  • DeSalvo Names ONC’s First Chief Health Information Officer
  • VA Hearing Confirms Plan to Adopt Commercial EHR Technology
  • Epic Systems Tops Cerner as Top-Used Physician EHR Vendor
  • Tips for Approaching Clinical Documentation Improvement
  • Can Dell’s Latitude 10 grab a piece of the mHealth market, too?
  • How Meaningful Use, EHR, ICD-10 Implementation Fared in 2014
  • EHR tool improves care transitions for pediatric patients
  • Physician EHR Use Benefits Quality Performance, Productivity
  • Experts Advise How to Improve Health IT Use, Interoperability
  • Epic Systems, Cerner Among 8 Health IT Companies Recognized by EHRA
  • What obstacles might undermine the promise of mHealth?
  • NYC, Albany area HIEs connect with Direct secure messaging
  • Critical access, rural hospitals make meaningful use gains
  • How the cloud drove athenahealth from EHR association
  • DOD moves forward with possible EHR replacement pick
  • Research on Health Information Exchange Limited, AHRQ Finds
  • Study shows EMRs savings determined by complementary factors
  • Physicians moving towards mobile devices
  • EHR data collection helps reduce LGBT health disparities
  • Changes to Industry to Impact Role of Healthcare CIOs
  • ONC, ANSI name 5 permanent certification bodies
  • Survey: Hospitals slow to adopt accountable care, form ACOs
  • eICU Telehealth Data Allows Clinical Analytics for Researchers
  • Physicians like EHRs, ACOs, but see major flaws in healthcare
  • AHA Recommends Adhering to ICD-10 Transition Deadline
  • Why are solo physicians half as likely to adopt EHRs?
  • What EHR systems can gain from cloud computing?
  • How EHRs and Telehealth Technology Affect Healthcare
  • EHR best practices: Choosing cloud or web-based EHR
  • EHR patient access debate still up in the air
  • Survey: Many healthcare jobs disappearing, taking pay cuts
  • What keeps the lights on during health IT adoption, support?
  • ICD-10 testing takes another tumble in “scary” pilot program
  • Cambridge Health Alliance agrees with BIDMC to join ACO
  • GAO Calls for Improvements to HHS Post-Acute EHR Use Plans
  • Medicare SGR repeal could cost feds $175 billion
  • How big data and mobile devices can improve bedside care
  • Interoperability, Usability, Outcomes to Drive Health IT Changes
  • Director of the Office of Consumer eHealth to depart ONC
  • AHIMA Releases Recommendations For Coding Compliance Policies
  • EHR Adoption Positively Impacts Nurses, Clinical Workflows
  • January 17: ONC, MIT, Tufts begin Blue Button Codeathon
  • NBA adopts cloud EHR solution to connect players’ health from court to clinic
  • mHealth, EHR startups win $100K prizes in Maryland
  • Will EHR Optimization Projects Take Center Stage in 2016?
  • New Grant Program Advances Health Information Exchange
  • ONC 2015 Edition Health IT Rule Aims at Interoperability
  • Extending patient care through meaningful use of EHR, HIE
  • Allscripts Expects Paragon EHR Success After Encouraging Quarter
  • EHR defaults cause medication, patient safety errors
  • Stage 3 Meaningful Use Proposed Rule: Is More Time Needed?
  • ONC: Hospitals dramatically increase EHR, HIE adoption
  • Finding the value in HIE, IT integration will push adoption: Q&A
  • ONC Plan Aims at Behavioral Health EHR Adoption, HIT Use
  • DataMotion seeks Direct Project boost with new patent
  • mHealth, Patient Portal Boom Increases Patient Engagement
  • AMA educates physicians about cost of ACA 90-day grace period
  • Industry Experts Back EHR Meaningful Use Overhaul
  • What challenges will the next National Coordinator face?
  • How to Properly Prepare for a Meaningful Use Audit
  • ONC Embraces Industry-led Testing of Health IT Tools
  • How Does Competition Impact Healthcare Interoperability?
  • Healthcare analytics reduces hypertension for KPNC patients
  • What is the EHR vendor’s role in a meaningful use audit?
  • ACOEM: Include occupational data in EHRs during Stage 3 MU
  • Debating Role of EHR Use in Behavioral Health Integration
  • VA reduces admissions by 35% due to telemedicine services
  • Minnesota mandates certified EHRs for all dentists by 2015
  • New Bill May Alter Meaningful Use Among ASCs
  • CMS and ONC Seeks Feedback on Quality Measures Reporting
  • Most patients are willing to share health data, engage online
  • Is the Dominance of Epic EHR Technology Good for Healthcare?
  • CMS Details Quality Payment Program Technical Assistance
  • AAFP Recommends CMS Simplify MACRA Implementation Requirements
  • Why Prioritizing Usability Effects Better Ambulatory EHR Use
  • Top Clinical Decision Support System (CDSS) Companies by Ambulatory, Inpatient Settings
  • Specialists Concerned with Proposed MACRA Implementation
  • mHealth, Data Analytics See $4.7 Billion in 2014 VC Funding
  • Health IT Interoperability Champion DeSalvo Leaving ONC
  • Quality reporting as a means of EHR collaboration, healthcare reform
  • Thousands lose telemedicine access as Medicare redraws map
  • At the very least, an entity covered under the Health Insurance Portability and Accountability Act (HIPAA) needs to put administrative safeguards in place to analyze the risks associated with PHI. It should include the education of staff to ensure that all members are aware of an organization’s safeguards.

    It’s not unlikely that an employee working at multiple locations should need to carry a laptop between worksites. However, this practice should carry with it special procedures and protocols to ensure that PHI in physical transit is not unnecessarily exposed to a health data breach. Hopefully, fewer covered entities will avoid doing the bare minimum to safeguard patient information.

    Browse the latest EHR, MeaningfulUse and ICD-10 White Papers and Guides 

    Related Articles:

    Summer of the Health Data Breach continues
    • Computer stolen from Stanford Hospital leads to health data breach
    • Hartford Hospital and VNA HealthCare report health data breach
    • Northwestern Memorial announces theft and health data breach


    Continue to site...