The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Theft of Unencrypted Laptop Exposes Wonderful Health & Wellness Patients’ ePHI

Posted By on Jan 24, 2017

Los Angeles-based Wonderful Health and Wellness has notified patents that their electronic protected health information (ePHI) was exposed in early December, 2016 when an unencrypted laptop computer was stolen from the company’s Wonderful Center for Health Innovation.

Staff at the Center discovered the laptop computer was missing on December 12 when they returned to work after the weekend, with the theft having occurred at some point between December 9 and 12. The theft was immediately reported to law enforcement, although the device has not been recovered.

The laptop contained a range of protected health information including patients’ names along with their home addresses, telephone numbers, dates of birth, email addresses, clinical account numbers, medical conditions, treatment information, treatment dates, and test results. No Social Security numbers or financial information were stored on the device.

While the laptop computer was not encrypted, software had been installed which allows data on the device to be remotely deleted, although only if the laptop is used to connect to the Internet. Wonderful Health and Wellness has programmed the software to delete all sensitive data on the device the next time the device connects.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Patients were notified of the potential ePHI breach on January 18, 2017. At that point, there was no indication that any of the data on the device had been accessed or used inappropriately.

Wonderful Health and Wellness has conducted a review of its strategy for storing and transmitting medical information and additional safeguards have already been implemented to better secure patients’ medical information and prevent future breaches of this nature from occurring.

The incident has yet to appear on the Department of Health and Human Services’ Office for Civil Rights breach portal, so it is currently unclear how many patients have been impacted by the incident.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist