OptumRx and Einstein Health Network Inform Patients of Recent PHI Breaches

OptumRx is in the process of notifying patients about a breach of their Protected Health Information after an unencrypted laptop computer was stolen from one of its vendors.

An employee of an unnamed company which provides prescription delivery services on behalf of OptumRx left a laptop computer in a vehicle from where it was stolen. The theft occurred on March 16, 2016 and OptumRx was notified of the theft by its vendor on March 22, 2016.

The laptop contained patient data including names, addresses, drug prescription information, prescription providers, and health plan names. No Social Security numbers or financial information were stored on the laptop, although some patients had their date of birth exposed. The breach notice submitted to the California Attorney General does not mention whether the laptop was password protected.

Additional security measures have now been implemented on laptop computers used by OptumRx’s vendor. Further staff training will be conducted to reinforce policies and procedures already put in place by the vendor. All affected patients have been offered a year of identity theft protection services with LifeLock and have been advised to closely check their explanation of benefits statements and account statements for suspicious activity.

Einstein Healthcare Network Alerts Patients About Potential PHI Compromise


An error in the configuration of a website has led to the PHI of approximately 3,000 Einstein Healthcare Network patients being exposed. The website database used to store information entered by patients into the “request for information” section of the company’s website form was discovered to be accessible over the Internet.

The website error was discovered on February 2, 2016., and was immediately corrected. However, any data entered into the request for information section of the website prior to February 2 could have been accessed by unauthorized individuals.

The database contained the names of patients, contact telephone numbers, physicians’ names, the reason for submitting the request, and some patient health information. It is not clear if data were accessed by unauthorized individuals during the time it was accessible over the Internet. Einstein Healthcare Network is not aware of any data being used inappropriately.

The Philadelphia-based healthcare network has now enhanced security measures on its website to prevent similar incidents from occurring in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.