RSS Alerts

Related Stories

  • Securing Electronic Health Records
    Electronic health records are supposed to improve the efficiency and accuracy of healthcare delivery. However, with electronic records come security headaches, and the potential for data breaches. John Sterlicchi examines what the industry is doing thus far to facilitate a secure transition toward electronic health records
  • Weekly brief February 2, 2010
    Infosecurity rounds up the week's news
  • The User is Not the Enemy: How to Increase Information Security Usability
    People have long been accused of being the ‘weakest link’ in information security, but what if lack of usability and security training is actually at the heart of the matter? Wendy M. Grossman investigates
  • EPIC: Obama must try harder on electronic privacy
    Eight months into its first year, the Obama administration could still try harder when it comes to electronic privacy and digital rights, according to a report card issued by an advocacy group.
  • Is Patient Data Privacy on its Sickbed?
    As we stand on the cusp of a massive healthcare modernization program, we face increasing challenges over healthcare data privacy. Danny Bradbury explores what’s happening in the US from a technological perspective, and what it means for our sensitive data

News

US lawmakers upset at breach news delay

26 March 2008

US lawmakers are asking why a stolen laptop, which had medical test results for 2,500 patients in a National Institute of Health study, was not encrypted.

The laptop, which was stolen from a doctor’s locked car trunk February 23, contained some unencrypted research information from an ongoing study by the National Heart, Lung and Blood Institute (NHLBI). The theft occurred outside of the National Institute of Health campus.

The information involved roughly 2,5000 participants in a cardiac MRI study conducted between 2001 and 2007 and included each participant’s name, birth date, hospital medical record number and data contained in MRI reports such as measurements.

The laptop contained no additional medical information on participants beyond the MRI reports and no information such as social security numbers, addresses or phone numbers. Participants were not notified until March 20.

Rep. Edward Markey, a Massachusetts Democrat who chairs the Congressional Privacy Caucus, sent a letter to Health and Human Services Secretary Michael Leavitt asking why the laptop was not encrypted and what steps the department would take to prevent another breach.

The National Institute of Health said the incident was immediately reported to the police and it is under investigation. The NHLBI said it would install encryption software on its laptops and conduct regular security training for its employees.

Following a theft of a Veterans Affairs laptop in May 2006, (which contained personal data for 26.5 million veterans and military personnel), the Office of Management and Budget issued guidelines that require information on laptops across all government agencies to be encrypted.

 

This article is featured in:
Data Loss Encryption Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water