UIC Notifies Patients of Data Breach
June 2, 2015
On April 15, the University of Illinois at Chicago College of Medicine learned that a password-protected laptop used by a faculty physician was stolen from his office at an unaffiliated clinic that morning. Chicago police were notified immediately, but the computer has not yet been recovered. In accordance with federal law, the University has notified the Department of Health and Human Services, Office for Civil Rights.
The University has confirmed that approximately 3,600 patients’ information was stored on the laptop. The University began notifying affected individuals on June 2, that their personal information, including their full names, birthdates, medical record numbers, phone numbers, dates of service, insurance carriers, and brief descriptions of medical procedures performed, may have been contained on the stolen laptop. The laptop did not contain financial information or social security numbers.
While the physician believes the stolen laptop was encrypted, the University was not able to identify appropriate documentation to confirm that the laptop was secured and as such, in an abundance of caution, determined patient notification was necessary.
The University has conducted a thorough investigation into this incident and has taken steps to make sure that this type of incident does not happen again. The University has re-trained the physician whose laptop was stolen and ensured that data on his replacement laptop is secured with encryption. Additionally, the University has reviewed its policies and procedures on encryption and will soon begin implementing system-wide encryption of all laptops.
To date, the University has received no reports of improper use of patients’ information and as such, does not believe affected individuals need to take any specific precautionary measures at this time. However, if any suspicious activity is detected, patients should contact the University and local authorities immediately.
The University takes great care to protect its patients’ privacy and regrets any inconvenience this incident may have caused. The University has set up a toll-free hotline, (888) 271-1254, to address any questions that might arise.
Sherri McGinnis Gonzalez