25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Unencrypted Hard Drive Stolen from LSU Health New Orleans: 2,200 Individuals Impacted

Posted By on May 9, 2017

Another healthcare provider has announced that an unencrypted device used to store electronic protected health information of patients has been stolen.

The medical data of 2,200 patients of Louisiana State University Health New Orleans were stored on a portable hard drive that was stolen from the Department of Neurology Research in March.

The theft occurred on or around March 6 and was immediately reported to law enforcement. A suspect was arrested the following day, although the hard drive has not been recovered. Officials do not believe any data on the drive have been misused, although the possibility that ePHI has been viewed cannot be ruled out.

LSU Health New Orleans has reconstructed the data on the drive and is notifying affected individuals. The drive contained research data relating to individuals who participated in studies between 1998 and 2009.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

No Social Security numbers or financial information have been compromised, with the data breach limited to names, dates of birth, diagnosis codes and treatment codes.

This is not the first time that an incident such as this has resulted in the exposure of patients protected health information. In 2015, a faculty member of the LSU Health New Orleans School of Medicine had a laptop computer stolen from his vehicle. The device contained a wide range of protected health information of approximately 5,000 minor patients. Following that breach, information security policies and procedures were reviewed to determine whether improvements could be made to reduce the risk of future breaches.

LSU Health New Orleans does now have information technology policies in place that require safeguards to be implemented on mobile devices to reduce the risk of data exposure in the event that devices are lost or stolen. Those policies do include the use of encryption; however, in this case, those policies were not followed.

According to a statement issued by LSU Health New Orleans, the lack of encryption on the device has resulted in ‘appropriate remedial action’ being taken.

Data security policies will now be updated and included in training programs to prevent similar incidents from occurring in the future. Affected patients are being offered one year of credit monitoring services.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist