A Nebraska doctor’s office has alerted more than 2,000 patients that their health information was compromised after a thumb drive was lost

09 July 2013

Author Name Patrick Ouellette

Wedgewood Legacy Medical, a Lincoln, Neb. doctor’s office has alerted 2,125 patients that their protected health information (PHI) has been compromised after a computer chip came off of a thumb drive Dr. James Fosnaugh was wearing on a lanyard around his neck.

According to JournalStar.com, no Social Security numbers or financial or insurance information were included on the chip. However, full names, birth dates, home addresses, phone numbers and some names of family members were listed in the lost records.

“Although we believe that it is highly unlikely that this computer chip has or will be found by someone who can extract the information from it, we cannot be 100 percent sure, thus we need to timely notify our patients of this event,” the news release said.

Though the organization claims that it no longer puts patient information on portable devices, this news had to have been somewhat jarring for patients because their sensitive data was literally hanging on this doctor’s lanyard. As always, the office wouldn’t have been scrambling around looking for the chip had it been encrypted or at least technically-safeguarded in some way.

Tampa General and University of South Florida breach

A former Tampa General and University of South Florida (USF) nurse was recently fired for inappropriately accessing and exposing Jennifer Jones’ private medical records. Nadine McNew, aunt of Jones’ partner, learned of Jones giving birth in 2008 at Tampa General and subsequent adoption by using her status as a nurse to view the electronic health records (EHRs). McNew later gave out printouts to another family member.

McNew was fired by USF (Tampa General is USF’s primary teaching hospital) as soon as it learned of the breach, but the Tampa Bay Times reports that neither USF nor Tampa General planned policy changes as a result of this incident. While both organizations say that they stress security education and part of a nurse’s job functionality is to access this data, you’d like to think there would be greater ramifications for these actions other than losing your job.

Article Sourced From: http://healthitsecurity.com/2013/07/01/nebraska-doctor%E2%80%99s-office-notifies-2125-patients-of-breach/