The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Possible HIPAA Violations in Medical College of Wisconsin Breach

Posted By on Mar 3, 2015

The Medical College of Wisconsin has issued a statement announcing a data breach that has affected approximately 400 of its patients.

WDJT Milwaukee, an affiliate of CBS, was contacted on Feb 28, 2015 by a spokesperson for the Medical College of Wisconsin detailing a data breach which exposed some confidential information of its patients. The breach occurred on February 15, 2015, when a document and a laptop computer were stolen from a physician’s car. The document contained information relating to approximately 400 patients. The laptop is understood only to have only contained the information of one patient.

It is not clear exactly what information was stored on the laptop computer or in document at this stage; although MCW has confirmed that no Social Security numbers or patient addresses were stolen.

In spite of legislation that requires data encryption is addressed, the healthcare industry has been slow to respond and use data encryption on its desktop computers, laptop computers and other portable storage devices. Data encryption ensures that if a device is stolen, no information can be accessed by unauthorized individuals. When it is not used, a laptop theft can compromise the data of thousands, if not hundreds of thousands of patient records.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

HIPAA does not demand data encryption, only that it be addressed. If a similar level of protection can be provided by other means, healthcare organizations are entitled to use these as an alternative.

At The Medical College of Wisconsin, data encryption and other security measures are used in accordance with HIPAA regulations, yet these have been circumnavigated by a doctor.

According to the statement, “Firm policies are in place prohibiting the downloading of patient information to portable media, as well as the secured transport of documents containing patient information.” It went on to say “A violation of these policies occurred on February 15, 2015, resulting in the theft of a document containing private information on approximately 400 patients, as well as information stored on a laptop computer pertaining to one patient.”

All affected patients are now being contacted to advise them of the breach and the information that has been compromised, and also to alert them to the possibility that their information may be used inappropriately. The Medical College of Wisconsin has also confirmed that it has now taken steps to prevent further breaches of this nature from occurring.

It is clear that a privacy violation has occurred, although at this stage it is unknown to what extent HIPAA violations have occurred and who is responsible.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist