HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

6,893 Patient Records Exposed Due to Centers Plan for Healthy Living Laptop Theft

Centers Plan for Healthy Living, a Staten Island NY-based managed care organization, has announced that a laptop computer containing the protected health information of Medicare/Medicaid recipients has been stolen from its corporate offices. The laptop theft was discovered on January 4, 2016., with the device believed to have been taken on or around January 1.

Following the discovery of the theft, Centers Plan conducted an investigation and determined that the laptop may have contained a file containing data relating to 6,893 Medicare and Medicaid recipients. No Social Security numbers, financial information, credit card numbers, health data, or other highly sensitive information were contained in the file, although some individuals have had their Medicare and/or Medicaid numbers exposed. Other data believed to have been contained in the file include full names, dates of birth, and home addresses.

The theft was immediately reported to law enforcement although the laptop computer has not been recovered. Centers Plan does not believe the laptop was stolen for the data stored on the device, but for the value of the device itself.

All affected individuals have been notified of the potential privacy breach in accordance with HIPAA regulations and a substitute breach notice was posted on Centers Plan’s website. Credit monitoring services are being offered to all individuals who had their Medicare or Medicaid number exposed.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

In the two months since the laptop was stolen, no reports of improper use of data have been reported, although Centers Plan has advised those affected by the breach to exercise caution and to keep a close eye on their credit reports and financial accounts. In response to the incident Centers Plan will be taking steps to secure all data stored on internal computer equipment.

In the past six months, there have been 25 reports of stolen portable electronic devices submitted to the Office for Civil Rights. Those incidents resulted in the exposure of 194,101 patient records. All of those data breaches could have been prevented had data encryption been employed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.