Yale Laptop Theft Exposes 1,000 Health Records
- By Dian Schaffhauser
- 09/03/10
Yale School of Medicine notified about 1,000 people whose clinical health information was contained on a laptop computer that was recently stolen from the school. The computer contained no Social Security, financial, or insurance data. So far there has been no indication that personal information on the computer has been misused. However, the Health Insurance Portability and Accountability Act requires that organizations working under the HIPAA regulations take actions to reduce any harmful effects caused by the disclosure of protected health information.
The university has been working with the New Haven Police Department to pursue leads in the theft, which took place on the night of July 28. As of this writing, the computer hadn't been recovered. The machine was owned by Yale and stolen from the unlocked office of a data analyst at the school. While access to the stolen laptop was protected by a password, the laptop wasn't encrypted.
The dean of the school of medicine apologized for the security breach and introduced several security upgrades, including mandated HIPAA security training, compliance with strong password standards, and "whole disk encryption," among others.
About the Author
Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.