Health care providers integrate many forms of technology into their practices.  For instance, laptops, desktops, EMR tablets, iPads, iPhones, iPods, thumbdrives, CD backups, external hard drives, photo copiers, fax machines, thumb/jump drives, etc.  However, many practices have not implemented strict policies and procedures requiring that office staff complete a privacy and security audit to keep track of all forms of electronic storage devices.  Moreover, the policies should be prepared to enable staff members to identify a missing electronic storage device as part of their daily risk analysis.

For Georgia’s UHS-Pruitt Corporation, it had two laptops stolen within a two-week period.  “Both laptops held unencrypted patient data on their hard drives, and were stolen from employee cars.”

The first incident, which occurred on September 26, involved information from 1,300 patients at its nursing facilities, including names, dates of birth, Medicare numbers, resident ID numbers, and Social Security numbers. The affected patients were current or former residents of Heritage Healthcare of Ashburn, UniHealth Post-Acute Care Augusta Hills, Heritage Healthcare of Fitzgerald, Heritage Healthcare at Osceola, Palmyra Nursing Home and Sylvester Healthcare. This laptop and the information on it were used to process healthcare service payments for the facilities.

On October 8, a laptop belonging to a UniHealth SOURCE employee was stolen. Less information was available in this instance, limited to names and diagnoses, as it was only used for quality assurance audits. The 4,500 affected patients were current and former patients of UniHealth SOURCE, UniHealth Select, and Blue Ridge Community Based Services.” Article.

Not only did Georgia’s UHS-Pruitt Corporation not properly encrypt the laptops, it could have been proactive by implementing and following proper protocols to discover that the laptops were not accounted for in their normal place within the facility.  Health care providers are held to a higher standard and should know that their electronic storage devices containing protected health information is: 1) properly encrypted; and 2) properly accounted for.

Tell us how your organization protects its information?   Share your ideas with us by clicking on the comment button below.  We’d love to hear from you.

Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.

Related Posts


Recent Posts

Getting Remarried? Here’s What You Need to Know
March 21, 2024
What is the Biggest Threat to Healthcare?
January 30, 2024
How Can I Simplify Estate Planning?
January 11, 2024
I Have a Trust. Now What?
December 7, 2023
Breaking: Corewell Health Breach
December 5, 2023


Subscribe to Our Newsletter

Subscribe and get your FREE copy of Easy Guide to HIPAA Risk Assessments

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment. (an $8.99 value)

Thank you for subscribing to the Rickard & Associates healthcare blog. You'll receive a confirmation email shortly. After verifying your subscription request, you'll be sent to the "Easy Guide to HIPAA Risk Assessments" download page.