Flash Drive Theft Exposes PHI of 2700 Oneida Health Center Dental Clinic Patients
An unencrypted flash drive containing the protected health information of 2,700 patients of the Oneida Health Center Dental Clinic has been discovered to be missing. The portable storage device is believed to have been stolen internally and an investigation into the theft is still being conducted by the dental clinic. Local law enforcement was also notified and an investigation was conducted, although the flash drive has not been recovered.
The drive was stolen from the Oneida Health Center on the Oneida Reservation at 525 Airport Drive on February 17, 2016. The device contained a limited amount of patient data including patient names, patient identification numbers, and dental insurance identification numbers.
Patients affected by the breach had visited the dental clinic between February 2, 2015 and February 17, 2016. No Social Security numbers, dates of birth, or financial information were stored on the device. Patients have now been notified of the breach by mail in accordance with Health Insurance Portability and Accountability Act Rules.
Oneida Health Center has no reason to believe the data stored on the device have been used inappropriately or disclosed to any individuals other than the person who took the device. Since there is a risk that the dental insurance number could be misused patients have been advised to contact their insurance company and explain that their ID number has potentially been compromised. Patients have also been told of the importance of protecting personal information and to be wary of any requests to disclose any of their personal information.
To reduce the risk of future breaches of PHI, Oneida Health Center Dental Clinic will be implementing new administrative policies and procedures concerning the use of portable storage devices. To reduce the risk of further PHI exposures, additional technical safeguards will be used to protect data stored on flash drives and other portable storage devices.