Potential Ky. data breach reported
Our Lady of Peace, a 278-bed psychiatric hospital in Louisville, Ky., is notifying 24,600 individuals about a potential patient data breach after a flash drive containing unencrypted patient information went missing April 1.
The flash drive reportedly contained data on patients admitted since 2002 as well as patients assessed, but never admitted, since 2009. Data on admitted patients included name, room number, insurer name, and admission and discharge dates.
Data on assessed patients included name, date of assessment, date of birth and the time they left the hospital.
The HITECH Act’s breach notification rule requires healthcare organizations to disclose within 60 days breaches known to affect 500 or more individuals. Smaller breaches must be reported on an annual basis. The hospital ran a legal advertisement notifying the public in the Louisville Courier-Journal on April 29.
Our Lady of Peace is re-educating employees on ways to protect patient information, implementing encryption technology and disciplining an undisclosed number of employees, according to a media statement.