Winston-Salem, Business, News, Events, Greensboro, Technology, IT Services

Moses Cone Hospital has reported it’s vendor VHA in Canton, Ohio had a laptop stolen or misplaced which contained the personal data over over 14,000 patients. They do state there was a break in so we will assume it was in fact stolen. According to Moses Cone the loss includes records for patients from 2004 to 2009. Lynn Mathews the Compliance and Privacy Officer for Moses Cone Health System stated, “"Moses Cone Health System and its vendor, VHA, deeply regret this incident and both are making changes to make sure it does not happen again," a hollow statement considering the toothless HIPAA (Health Insurance Portability and Accountability Act) rules state they must in fact do just that. The laptop was not encrypted and the HIPAA rules on this matter basically state that if the health provider has performed a reasonable determination that encryption is not needed then they are HIPAA compliant. Specifically the rules state:

(e)(2)(ii) Encryption (Addressable). Implement a mechanism to encrypt 
electronic protected health information whenever deemed appropriate.

CFR , Title 45, Sec. 164.312

Lynn Mathews further went on to state, “"Please be assured that we take the privacy of every patient’s personal information seriously and that we will continue to implement improvements to secure all personal information we maintain.” Considering this is exactly what HIPAA requires the statement is redundant. I mean think about it if you had somebody break into your house because you had a low end lock on the front door your first response would likely be to get a better lock right? Well this is what HIPPA states you must do if you have a data loss, you must review why it occurred and take action so it won’t happen again, DUH!

Moses Cone has stated they will provide one free year of CSIdentity Protector Service. This will include one year credit monitoring and insurance protection if your data is used in a case of identity theft (read the fine print). All patients should receive a letter detailing the loss and protection being offered no latter than Wednesday, April 22. Anyone with questions concerning this loss should contact CSIdentity at 1-877-274-1430, Lynn Mathews at 1-336-832-7075 or visit a website setup by Moses Cone.


Be Sociable, Share!
Leave a Reply

You must be logged in to post a comment. Login »

Optimization WordPress Plugins & Solutions by W3 EDGE