HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Briar Hill Management Notifies 2,000 Individuals of February Laptop Loss

Briar Hill Management, a Ridgeland, MS-based provider of management services for skilled nursing facilities in Mississippi, has lost a laptop computer containing the sensitive data of 2,000 nursing facility residents.

The laptop was discovered to be missing on February 26, 2016, although at the time it was not believed that the laptop contained any resident health information. However, according to the breach notice recently uploaded to the company website, an investigation into the incident revealed that the employee who had been assigned the laptop computer had breached company policies and had downloaded sensitive information onto the device.

The data stored on the unencrypted laptop included residents’ names, addresses, birth dates, dates of service, Social Security numbers, prescription information, and medical records. Briar Hill Management says “the laptop did not contain all of these types of information for every affected resident.” The breach notice does not state when Briar Hill Management discovered sensitive information had been exposed.

Briar Hill Management conducted an “exhaustive” search for the device, but concluded that the laptop was lost off-site. Briar Hill Management says the employee also breached company policies by failing to “properly secure the laptop when outside of the company’s office.” Law enforcement has been notified of the loss, but more than 8 months after the laptop was lost, it can be safely assumed that the device will not be recovered.

Residents impacted by the breach have been informed that the company’s investigation into the incident has not uncovered any evidence to suggest that residents’ information has been improperly accessed, although as a precaution, individuals affected by the breach have been offered a year of credit monitoring and identity theft protection services without charge.

To prevent future breaches of this nature, Briar Hill Management has implemented additional safeguards for all mobile devices used by company employees. The employee responsible for the device has also been sanctioned.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.