HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Stolen Raley’s Pharmacy Laptop May Have Contained PHI of 10,000 Patients

Approximately 10,000 patients of Raley’s Pharmacy are being notified that some of their protected health information (PHI) has potentially been compromised.

On September 24, 2018, a laptop computer was stolen from a Raley’s pharmacy that may have contained some patients’ PHI.

Raley’s pharmacy immediately launched an investigation to determine what information was stored on the device. Interviews were conducted with staff members who had used the device in an attempt to understand the types of content that may have been exposed. The email accounts of employees were also checked for attachments and links to documents that contained ePHI, to determine which files had been downloaded or were stored in cache files in a temporary directory on the laptop.

After careful analysis, Raley’s Pharmacy was able to determine that the only patients affected by the security incident were those that had visited a Raley’s, Bel Air, and Nob Hill Foods pharmacy between January 1, 2017 and September 24, 2018 to have prescriptions filled.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

An analysis of the files which had potentially been downloaded to the laptop confirmed that highly sensitive information such as Social Security numbers, addresses, credit card information, and driver’s license numbers had not been compromised. The breach was limited to first and last names, gender, dates of birth, visit dates, pharmacy location visited, medical condition, prescription information, and health plan ID numbers.

Since Health plan/insurance information has potentially been exposed, affected patients have been advised to monitor their Explanation of Benefits statements for any sign of fraudulent activity.

The security incident has prompted Raley’s Pharmacy to implement encryption on all laptops to prevent data access by unauthorized individuals should further theft incidents occur. Additional security controls are also being evaluated.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.