Hospital laptop lost or stolen

Wednesday, January 31, 2007

EVANSVILLE, Ind. - When a laptop containing patient information went missing from the respiratory therapy department of a hospital recently, providers were reminded of the need for safeguarding patient data.
The computer--which was password protected--was either lost or stolen from Deaconess Hospital in Evansville, Ind. The hospital notified affected patients December 23 that their private information, including social security numbers, was at risk.
Healthcare providers who acquire large amounts of sensitive patient information can take comfort in one thing: Under the HIPAA privacy rule, patients have no rights to sue, said Maryland attorney Elizabeth Hogue.
"Providers don't have to worry about patients suing them under the privacy rule," said Hogue. "If patients believe there's been a violation of privacy--like a lost laptop that somebody did not keep secure--they could file a complaint with the Office of Civil Rights."
While HIPAA prohibits the release of protected health information--including SSNs--as long as a provider follows an established security protocol, they should be safe from lawsuits, say industry attorneys.
"If it was truly unexpected that somebody would steal the laptop, the hospital would not be liable," said Jeff Baird, an industry attorney with Amarillo, Texas-based Brown & Fortunato. "On the other hand, if the computer was just sitting out there in the middle of nowhere, they could have liability."
When such a loss occurs, providers must notify patients and take steps to minimize potential damage. That includes advising patients to: monitor bank, credit card and other bills for the next two years; contact credit card companies; and obtain credit reports from all three credit reporting bureaus.
Sam Rogers, a spokesman for Deaconess, confirmed in early January that the missing laptop still hadn't been recovered. hme