The failure to encrypt backup data on a portable electronic device has resulted in the protected health information of 1,291 individuals being exposed.

The device, containing names, telephone numbers, addresses and Social Security numbers, was stolen from Local 693 Plumbers, Pipefitters & HVACR Technicians, a member of the United Association of Journeyman and Apprentices of the Plumbing and Pipefitting Industry of the United States and Canada.

While the data on the device could potentially be accessed by unauthorized individuals, investigation shows the probability of data on the device being accessed and used inappropriately is “very low”. To date, no reports have been received to suggest data have been misused, although affected individuals have been advised to remain vigilant for abuse of their protected health information and identity theft.

This is the second incident to be reported to OCR in the past few days that has involved the theft of a device used to store backup data. Last week, Denton Heart Group discovered a backup device had been stolen from a locked facility. A hard drive containing 7 years of EHR backup data was recently discovered to have been stolen. While the device was stored in a locked closet, the data on the device were not encrypted.

The backup files contained a treasure trove of patient data including names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, insurance provider names and policy numbers, physicians’ names, clinic account numbers, medical diagnoses, lab test results, medications and other clinical data. To date, no reports of misuse of the stored data have been received.

Read full Denton Heart Group article: http://www.hipaajournal.com/unencrypted-backup-drive-containing-7-years-phi-stolen-denton-heart-group-8726/

Read full Local 693 article: http://www.hipaajournal.com/back-drive-stolen-phi-1291-patients-exposed-8736/