An investigation was carried out to determine what files had been stored to the device and which patients had their PHI made accessible.
Files on the storage device were linked to patients who had received inpatient services at Renown South Meadows Medical Center from the time period January 1, 2012 to June 14, 2019. The range of information in the files included names, diagnoses, medical record numbers, clinical data, admission dates, and physicians’ identities. No Social Security numbers or financial information were saved on the device.
Patients have been warned to use exercise caution in relation to their accounts and monitor their accounts and explanation of benefits statements for any evidence of fraudulent activity. Renown Health will be overlooking its policies covering the use of portable devices such as thumb drives and will be re-training its staff on safeguarding patient data.
The data breach has not yet been published on the Department of Health and Human Services’ Office for Civil Rights’ breach portal, so it is unclear how many patients have been impacted.
This is the second data breach of this nature to be made public in recent days. The New York Fire Department also reported a breach involving the loss of a portable electronic device that held the ePHI of patients of almost 10,000 EMS patients.
These incidents show, once again, the importance of using encryption on all portable electronic devices used to save ePHI for any company or organization. Should a device be lost or stolen, ePHI cannot be seen or impacted by anyone.