A mail delivery truck which was having health information was stolen. This has resulted into a potential healthcare data breach for Kaiser Permanente, a healthcare system based in California. According to the reports, health information of approximately 2,400 individuals was affected . The truck was stolen from the parking lot.
The truck was not parked in a secure area even there are guidelines by Kaiser Permanente’s. Truck contained “Evidence of Coverage” handbooks for Kaiser Permanente patients who are on the Inland Empire Health Plan. Affected information included personal information, such as names, addresses, and an overview of plan benefits.
According to the reports, thieves gained entry to the vehicle. They drove to an unspecified location and left the empty truck behind.
After the incident, the healthcare facility reported the stolen vehicle to local law enforcement officials.Michelle Simms, a Kaiser Permanente spokeswoman, said the health care provider spoke to Los Angeles County Sheriff’s station in Santa Clarita. Truck was found with missing health records. Facility believes that there is no evidence of misuse of PHI information. Also, the file didn’t contain Social Security numbers, medical record numbers, descriptions of health services, health statuses, and financial information.
“We are in the process of notifying and apologizing to our members affected by this incident,” officials said in a statement. “We have investigated this matter and are taking appropriate steps to prevent similar errors in the future.”
With the rise in data breaches due to stolen records, it is better to go for digitization with proper safeguards. Some of the responsible health data handling includes –
- Administrative safeguards includes policies and procedures to protect the privacy, and security of patients’ PHI
- Physical safeguards includes measures to protect the hardware and the facilities
- Technical safeguards includes health IT system to protect health information and to control access to it
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software