An invasion of privacy

Published 7:21 pm Saturday, January 5, 2013

Bad things happen, no matter how much we might try to prepare for them. Storms come along and overwhelm even the best-prepared cities, cars slide across icy roads, electrical fires destroy homes and businesses without warning. There’s no way to protect against every eventuality in life. The world is, unfortunately, inherently dangerous.

So there’s a bit of a temptation to give a Sentara Healthcare contractor a pass for the theft of a laptop in California that contained personal and private information about 56,000 of Sentara’s patients. The laptop was stolen from a locked car parked at the home of an engineer who works for a company, Omnicell, that manages Sentara’s automatic pharmacy dispensing devices.

Omnicell officials have said they’ve put safeguards in place to make sure such an event doesn’t happen again, and Sentara officials assure potentially affected patients that Social Security numbers, insurance policy numbers and personal financial information were not among the data included in the database stolen with the computer on Nov. 14.

Email newsletter signup

Still, it’s troubling to hear the types of information known to have been included in the database that existed on the laptop.

Names, birthdates and medications for 56,000 patients from seven Sentara hospitals and three outpatient centers are known to have been in the database. Sentara says the stolen laptop may also have contained details on gender, allergies, admission and discharge dates, physician name and patient type. And other information could have included site and area of the given hospital — for instance, specific inpatient or outpatient unit or area — along with patients’ room numbers and medication dosage and instructions.

Both companies stress that they have taken the required steps to notify the patients, and the tone of their comments to the press suggested that people should not worry too much about what was lost.

But it’s not hard to imagine that affected patients might feel violated by the simple fact that a stranger now knows such intimate details about them, the kind of details they might not even have shared with their family or friends, the kind that could now be shared with the world via the Internet.

Accidents happen, and there’s no way to guarantee that people will not do evil things like stealing laptops from locked vehicles. It would not be fair to hold Sentara directly responsible for the loss of data by its contractor. But healthcare providers owe their patients the very strictest possible controls on the personal information they keep, and it should never be at risk of exposure through such a simple burglary.