The National Heart, Lung and Blood Institute has strengthened its data protection policies and enforcement of those policies in the wake of the theft of a laptop computer containing unencrypted information on about 2,500 patients enrolled in a clinical research project.
The laptop was stolen in February from the locked car trunk of a researcher employed by the institute, which is part of the National Institutes of Health. According to a statement by the institute’s director, NIH information technology officials believe it’s unlikely that the patients will be victims of identity theft or financial loss.
The lost files held names, birth dates, hospital medical record numbers and data from magnetic resonance imaging of the patients’ hearts, said Dr. Elizabeth Nabel, director of the National Health Lung and Blood Institute. The laptop was turned off and password-protected, but the institute acknowledged that protection could be insufficient.
“The laptop contained no additional medical information on participants beyond the MRI reports and no additional information such as Social Security numbers, addresses, phone numbers or any financial information,” Nabel’s statement said.
The institute notified patients of the potential breach in a letter sent by overnight delivery last week, nearly three weeks after the loss of the laptop.
As a result of the loss, Nabel said, the institute is now requiring that all its laptops be encrypted, in accordance with policies of the Office of Management and Budget and the Department of Health and Human Services, NIH’s parent agency. NIH Center for Information Technology staff members are inspecting each researcher’s laptop to ensure it has encryption software installed.
“We have also emphasized that NHLBI staff are never to keep patient names, other identifying information, or identifiable medical information on a laptop computer,” Nabel’s statement said.
“When volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically,” she said. “We at the NHLBI take that trust very seriously and we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust.” Nabel said.
Government Health IT presents Rick Friedman, director of the division of state systems for the Center for Medicaid and State Operations with the U.S. Department of Health and Human Services, in this recent eSeminar regarding how the federal Centers of Medicare and Medicaid Services is partnering with state Medicaid and health and human services officials to bring Medicaid into the digital age. Paul McCloskey, Government Health IT editor, moderates.
