Sharp Healthcare Says Stolen Devices Contained PHI of Patients

Share this article on:

A computer and an external storage drive have been discovered to have been stolen from San Diego-based healthcare provider Sharp Healthcare.

The devices were taken from a locked cabinet in an access-controlled patient treatment area of the Sharp Memorial Outpatient Pavilion in Kearny Mesa in San Diego, CA. It is not known when the devices were taken, although they were discovered to be missing on February 6, 2017.

The devices were used to store the data of patients who had undergone wellness screening as part of blood pressure and cardiac health studies performed at the outpatient center. The types of data stored on the devices includes patients’ full names, ages, dates of birth, medications currently being taken, a summary of the studies that were being performed and family health histories. The devices were not encrypted, so it is possible that the patient health information stored on both devices could be accessed by unauthorized individuals.

An internal investigation was conducted when the devices were discovered to be missing and efforts were made to locate the devices, although the investigation suggested the devices had been stolen. Law enforcement has been notified of the theft, although the equipment has not yet been discovered.

In response to the incident, Sharp Healthcare is reviewing its security practices and will be implementing a number of additional safeguards to prevent further incidents of this nature from occurring.

The Department of Health and Human Services’ Office for Civil Rights and the California Department of Public Health have been notified of the breach. 750 current and former patients are understood to have been impacted by the incident. All patients have already been notified by mail in accordance with Health Insurance Portability and Accountability Act Rules.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On