Devices contained hospital patient, employee information; no ID thefts reported
By Donna Vavala
The News Herald (Panama City, Florida)
Copyright 2007 The News Herald
Distributed by McClatchy-Tribune Business News
PANAMA CITY, Fla. — Four laptop computers with personal information on nearly 10,000 patients, employees and former employees of Gulf Coast Medical Center were stolen recently in two separate incidents.
“There were two unrelated incidents,” said Rod Whiting, Gulf Coast Medical Center’s marketing director. “One took place in Texas and one took place in Tallahassee.”
Three laptop computers were stolen from a car in Texas in November, but Whiting did not know the exact location. Those laptops contained 1,900 names of Gulf Coast Medical Center patients, their Social Security numbers and other personal information, and two names of either former or current medical center employees and their information, he said.
Another laptop was taken from a car at an undisclosed location in Tallahassee in February. The computer contained the names of 8,086 names of Gulf Coast Medical Center patients and personal information, including Social Security numbers, Whiting said.
“All the people in the November incident have received a letter that informed them that there may have been some information relative to them (on the laptops),” Whiting said. “The information is password-protected, so it is highly unlikely that any data was accessed.
“It is believed that the thefts were random and were more for the hardware on the laptops,” he said. “At this time, there have been no reports of any identity thefts.”
He said the laptops were taken from the cars of employees of Gulf Coast Medical Center’s parent company, Nashville, Tenn.-based Health Care Corporation of America, or HCA. The company is made up of 182 hospitals and 94 outpatient surgery centers in 22 states and two foreign countries, according to the HCA Web site.
Whiting said HCA’s risk-management policy mandates laptops containing sensitive information left in a car must be locked in the trunk when the car is not unoccupied. The employees with the laptops failed to adhere to that policy, Whiting said.
“The investigations are still under way with local law enforcement,” Whiting said.
The letter sent to the victims of the November theft contains an apology and an offer to provide a free credit report and a toll-free number to get it.
Letters to those affected by the February theft should be mailed within three weeks. HCA still is verifying addresses, Whiting said.
“Once those addresses are confirmed, they will also receive the letter,” Whiting said, adding that this group of people also will be referred to a credit card fraud monitoring company for a free credit report.
The data in question was backed up, so there was no loss of information.
“These thefts do not constitute a HIPAA violation,” Whiting said of the privacy laws that protect people’s personal information. “We met the criteria for protecting patient information.”
Whiting said if patients do not receive a letter, it means their information was not compromised by the thefts.
“We’re asking that people not call the hospital,” Whiting said. “There’s nothing we can tell them because we don’t have the names.