25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Back Up Drive Stolen: PHI of 1,291 Patients Exposed

Posted By on Mar 20, 2017

The failure to encrypt backup data on a portable electronic device has resulted in the protected health information of 1,291 individuals being exposed.

The device was stolen from Local 693 Plumbers, Pipefitters & HVACR Technicians, a member of the United Association of Journeyman and Apprentices of the Plumbing and Pipefitting Industry of the United States and Canada. The backup device was discovered to be missing on January 23, 2017 following a break-in at Local 693 offices the day before.

An investigation revealed the device contained names, telephone numbers, addresses and Social Security numbers of current and former Plumbers & Pipefitters Local 693 Benefit Funds recipients and members of the Plumbers & Pipefitters Local 693 union.

The theft has been reported to law enforcement, the Vermont attorney general and the Department of Health and Human Services Office for Civil Rights. While the data on the device could potentially be accessed by unauthorized individuals, an independent information technology consultant who was retained to conduct an investigation believes the probability of data on the device being accessed and used inappropriately is “very low”.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

To date, Local 693 has not received any reports to suggest data have been misused, although affected individuals have been advised to remain vigilant for abuse of their protected health information and identity theft.

This is the second incident to be reported to OCR in the past few days that has involved the theft of a device used to store backup data. Last week, Denton Heart Group discovered a backup device had been stolen from a locked facility. That incident resulted in 7 years of backup data being stolen.

These incidents show that even when physical devices are stored in secure locations, there is still potential for the devices to be stolen. However, by encrypting stored data, privacy breaches such as this can be prevented.

In response to this incident, Local 693 has taken the decision to switch to a more secure form of storage for backup data. Data will now be stored securely in the cloud and all back up data will now be encrypted.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist