Unprotected Medical Records

(San Jose, California) Police are investigating a burglary of two computers from the San Jose Medical Group which reportedly contained the names, addresses, Social Security numbers, and billing codes for as many as 185,000 patients. The computers were stolen on March 28th from the Race Street administrative office of the Medical Group. Current and former patients are being alerted to the possibility of identity theft and the invasion of their privacy. It should be noted that the Medical Group's chief doctor doesn't believe the computers were stolen for the data.

"I think those were the prettiest. They were the newest," said Dr. Dean Didech. "They were the most expensive. They were the most powerful computers."

As corrective action, the San Jose Medical Group committed to installing 'new security systems' and to assuring that confidential information is not stored on desktop computers.

Interestingly, it was only last Tuesday that a significant number of medical records were compromised in Cleveland when a truck, for some unknown reason, dumped them on city streets while being transported to the Cleveland Clinic. Like litter, approximately 3,000 patient and billing records were scattered, containing "patient names, home addresses, insurers and policy numbers, treating physicians, admission and discharge dates and detailed billing information."

Obviously, the organizations and people responsible for disclosing patient information in the two instances cited are apologetic. However, they are also liable for penalties from violating the provisions of the Healthcare Insurance Portability and Accountability Act (HIPAA). A quick look at the HIPAA schedule of penalties indicates that a maximum $25,000 fine can be imposed. That's not a large sum, but there is also the threat of possible civil suits if actual harm is realized by the people whose records were compromised.