Medical Center misplaces device containing confidential information


The University Medical Center disclosed Friday it has misplaced an unencrypted handheld electronic device containing confidential information about 1,846 of its patients.

The device, which has been missing since the beginning of October, may have contained patients’ names, addresses, diagnoses, medications and Medicare identification numbers, which are sometimes Social Security numbers. The hospital has contacted all patients it believes are affected by the information breach.

Officials said because the device is outdated it would make it difficult for an outside party to access the confidential information.

“We have no reason to believe that the device has been accessed, but at the same time we are taking appropriate precautions,” said Bo Cofield, vice president for hospital and clinics operations.

The Medical Center opened a call center Monday to answer questions patients may have about the incident and is providing free credit-monitoring services to patients whose Social Security numbers may have been in the device.

The device’s manufacturer is no longer in business, but Cofield said hospital officials do not anticipate the misplacement to pose a major security risk to patients.

On-call pharmacists at Continuum Home Infusion, a University service providing at-home medical care, were the ones using the device at the time of its disappearance.

“In our portable world, it is perfectly reasonable and logical for this sort of information to be on a device,” Cofield said. “Still, since October, we have doubled our efforts to ensure that all devices have encryption mechanisms up to University standards.”

Medical Center officials said they did not release an in-depth description of the device to the public for security reasons, and said they delayed the announcement of the possible privacy breach because they first wanted to conduct a thorough investigation of the device’s whereabouts and contents.

“The applicable state and federal regulations here are very complex,” Cofield said. “[Before we made the announcement,] we wanted to make sure we were in touch with everyone who may have been impacted. We wanted to communicate effectively and personally.”

About 2,000 people are said to have had access to the device, all of whom were asked by the center to search their workplaces and homes.

related stories