Laptop with Sentara patients’ data stolen

Published 9:44 pm Thursday, January 3, 2013

Sentara Healthcare is assuring patients they are unlikely to become fraud victims after the theft of a laptop containing the names, birth dates and medications for about 56,000 of its patients.

The laptop belonging to Omnicell, a Sentara contractor managing automatic pharmacy dispensing services, was stolen from an Omnicell engineer’s locked car, Sentara spokeswoman Cheri Hinshelwood wrote in an email.

“There were no Social Security numbers, insurance policy numbers or personal financial information in the data set, which makes fraudulent use unlikely,” according to Hinshelwood.

“We’d like to assure patients that medical records were not on the device, and medical information has not been lost.”

The stolen laptop may also have contained details on gender, allergies, admission and discharge dates, physician name and patient type, such as whether inpatient, emergency department or outpatient.

Other information, she added, could have included site and area of the given hospital – for instance, specific inpatient or outpatient unit or area — room number, medication dose amount and rates, how medication is taken — such as oral or infusion — frequency of dose and start and/or stop time.

“Patients from seven Hampton Roads area hospitals and three outpatient campuses were affected by this incident. All affected patients including those from Suffolk will be receiving letters explaining the situation,” Hinshelwood wrote.

The files on the laptop, which was actually stolen on Nov. 14, 2012, had been collected from Omnicell’s medication dispensing cabinets over one to three weeks, company spokesman Todd Sims wrote in an email.

The engineer, whose vehicle was parked at his home in California at the time of the theft, had downloaded the information “while validating pre-release software for the hospital.”

“Upon learning of the theft of the device and the involvement of electronic protected health information, we promptly notified Sentara,” Sims wrote.

“We are doing everything in our power to ensure these customers experience as little disruption as possible in their delivery of quality medical care.”
Sims called the theft an “isolated incident in violation of existing company policies. Omnicell takes very seriously the protection of personal health information security, and we have initiated immediate and definitive measures to prevent a similar incident from re-occurring.”

According to Hinshelwood, the laptop also contained information on “thousands more (patients) from two other healthcare systems.”

Omnicell notified affected patients of the theft “in compliance with HIPAA (the Health Insurance Portability and Accountability Act) requirements and with an abundance of caution,” she added.

“Omnicell remains a trusted partner in pharmacy systems management and we will continue working with them going forward.”

The letters were mailed to patients beginning this week, Hinshelwood said, adding that anyone who does not receive a letter by Jan. 21, or who still has concerns, can call 1-855-755-8482 and enter the reference code 6236121712.