HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Stolen Laptop Contained the PHI of Dignity Health Patients

Resource Anesthesiology Associates (RAA) of California has started notifying certain patients of Dignity Health’s Mercy Hospital Downtown and Mercy Hospital Southwest that some of their protected health information was stored on a laptop computer that was stolen.

RAA of California provides anesthesiology services at the Dignity Health hospitals, which requires access to patient data. On July 8, the laptop was stolen from an RAA of California administrator. The theft was reported to law enforcement, but the device has not been recovered.

RAA of California conducted an investigation to determine which patient information was stored on the device and could potentially be accessed. The review confirmed the following types of information were stored on the device: Names, addresses, dates of birth, provider names, dates of service, diagnoses and treatment information, health insurance information, and other information related to patients’ medical care.

The laptop computer was protected with a password, which provides a degree of protection against unauthorized access. However, passwords can be cracked, so there is a risk that information on the laptop could be viewed by unauthorized individuals. RAA of California said to date there has been no evidence found which indicates any of the information stored on the laptop computer has been accessed or misused.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

RAA of California believes the risk of misuse of patient data is low but, out of an abundance of caution, is offering affected individuals a complimentary membership to identity theft protection services through IDX. Patients will receive 12 months of CyberScan monitoring and will be protected by a $1 million identity theft insurance policy, which includes fully managed identity theft recovery services.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.