Wednesday, February 16, 2011

On Protecting Personal Information


The Health and Hospital Corporation (HHC) issued a statement on February 11, 2011 about the theft of valuable hospital data. Nearly 1.7 million electronic files were stolen on December 23, 2010. The files belong to patients, hospital staff, employees of vendors, contractors and others. The data had been filed at Jacobi Medical Center and North Central Bronx Hospital from 1991 to the present. To pre-empt future problems for those who might be affected, efforts to notify them are under way.

According to sources, the data might still be hidden somewhere. Because of their nature, they cannot be readily used: accessing them would require specialized technical expertise and data mining tools. However, HHC wants to stay a step ahead and has started taking measures to protect the affected individuals. One is offering free credit monitoring and fraud resolution for one year. It has also opened a toll-free information hotline.

HHC President Alan D. Aviles said that the theft was the result of negligence. GRM Information Management Service, which specializes in the secure transport and storage of sensitive data, had been contracted to take care of the data. The incident is now the responsibility of that company. According to some details, the van used to transport the data was left unattended and unlocked. The driver was allegedly on his way to pick up other data from another customer. HHC also initiated measures to provide assistance and services to the affected individuals.

Two of the most valuable types of data stolen were protected health information (PHI) and personal information. These data belong to hospital staff, vendors, and contractors. They could include names, addresses, Social Security numbers, patients’ medical histories and occupational/employee health information.

HHC wrote notification letters in 17 languages. These letters are to be sent to the groups that were affected. The letter also explains how the recipient can make use of the protective services that HHC offers. With the objective of reaching those affected as soon as possible, the letters are to be sent within two weeks. Federal regulation sets guidelines that each party involved in the “error” should comply with. One of these is the number of days allowed for action to be taken on a particular case.

HHC has terminated its contract with GRM to prevent a similar incident from occurring. It has held the company liable for the cost of notifying the individuals. In the lawsuit filed against GRM, HHC also held it responsible for other damages related to the loss of data. The data are still “at large”, and there is no sign yet that they will be recovered soon.
