HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Renown Health Discovers PHI was Stored on Lost Thumb Drive

Renown Health, the largest healthcare provider in Northern Nevada, has started notifying certain patients that some of their protected health information (PHI) may have been compromised.

Patient information was present in files on a portable storage device (thumb drive) discovered to be missing on June 30, 2019. An extensive search of the facility was conducted but the thumb drive could not be located.

An investigation was conducted to determine what files had been saved to the device and which patients had their PHI exposed.

Files on the storage device related to patients who had received inpatient services at Renown South Meadows Medical Center between January 1, 2012 and June 14, 2019. The types of information in the files included names, diagnoses, medical record numbers, clinical information, admission dates, and physicians’ names.  No Social Security numbers or financial information were stored on the device.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Patients have been advised to exercise caution and monitor their accounts and explanation of benefits statements for any signs of fraudulent activity. Renown Health will be reviewing its policies covering the use of portable devices such as thumb drives and will be reeducating its workforce on safeguarding patient information.

The data breach has not yet appeared on the Department of Health and Human Services’ Office for Civil Rights’ breach portal, so it is unclear how many patients have been affected.

This is the second data breach of this nature to be reported in the past few days. The New York Fire Department also reported a breach involving the loss of a portable electronic device containing the ePHI of patients. Around 10,000 EMS patients were impacted by the breach.

These incidents highlight the importance of implementing encryption on all portable electronic devices used to store ePHI. In the event of device loss or theft, ePHI cannot be accessed by unauthorized individuals and a data breach will be prevented.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.