Patients Warned of PHI Exposure After Premier Healthcare Laptop Theft

More than 200,000 patients have been warned that their protected health information has potentially been accessed after an unencrypted laptop computer was stolen from Premier Healthcare in Bloomington, Indiana.

The laptop computer was protected with a password and is not believed to have been stolen for the data stored on the device. Those data include the names of patients, Social Security numbers, and “other confidential information,” including demographic data, dates of birth, addresses, financial information, insurance details, medical record numbers, and clinical information. Documents stored on the device included PDF files, spreadsheets, and screenshot images used by the billing department. In total,  205,748 patients have potentially been affected.


Passwords offer a degree of security but they can be cracked. There is a possibility that the data stored on the device could potentially be accessed. Consequently, Premier Healthcare has sent breach notification letters to all affected patients. Under HIPAA Rules, covered entities must issue breach notification letters to patients in the event of equipment theft if there is a possibility that PHI could potentially be exposed.

The laptop was stolen from Premier Healthcare’s billing department in Bloomington from an area that is not open to members of the public. The device disappeared on January 4, 2016., and while efforts have been made to locate the device it has not been found. Premier Healthcare has not uncovered any evidence to suggest that the data have been accessed or used inappropriately at this point in time.

To reduce the risk of future breaches and to ensure patient data is better protected, Premier Healthcare will be embarking on a program to encrypt all computers used to store patient data.

A report of the breach has been posted on the Bloomington Herald Times, although a substitute notice has not yet been posted on the company’s website.

52,076 Patient Records Stored on Stolen Valley Hope Association Laptop

Late last month, Norton KS-based alcohol and drug addiction treatment service provider Valley Hope Association reported a laptop computer had been stolen from an employee’s vehicle in late December. The laptop was protected with a password, but the device was similarly unencrypted. The data breach has now been posted on the HHS’ Office for Civil Rights breach portal. The breach report indicates that the PHI of 52,076 patients were stored on the device.

In Early February Seim Johnson LLP also reported the theft of an unencrypted laptop computer containing healthcare patient PHI. The health data of 30,972 patients was potentially compromised as a result of the theft. In January, New West Health Services dba New West Medicare reported the loss of a laptop computer containing the PHI of 28,209 individuals.

Hackers may be responsible for stealing the most healthcare records; however, the loss and theft of unencrypted devices is one of the biggest causes of healthcare data breaches. These data breaches could all have been prevented had encryption been employed.

UPDATE: March, 16. 2016

Premier Healthcare has reported that the laptop computer has been recovered: Further information can be found on this link.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.