Data Breaches reports that NYC Health + Hospitals this week began to notify 595 NYC Health + Hospitals/Harlem patients about the possible disclosure of some of their protected health information (PHI). The possible disclosure—a laptop computer missing from the facility—occurred on January 25, 2018, and was discovered on January 29, 2018. The PHI on the laptop included patients’ names, medical record numbers, dates of birth, and whether a hearing test was passed.
There is no evidence to suggest that the PHI has been misused in any manner. Consistent with federal regulatory requirements, NYC Health + Hospitals has notified the federal oversight agency of this disclosure. In addition, in an abundance of caution, NYC Health + Hospitals has taken steps to protect those potentially affected, including offering free credit monitoring and identity protection services for one year, through the third-party vendor Kroll Information Assurance, LLC.
NYC Health + Hospitals has taken measures to prevent a recurrence. First, having immediately notified local law enforcement of the incident, the health system is assisting with the active investigation. Second, the health system is reviewing security precautions currently in place to identify areas for security supplementation, including installing additional security cameras. Third, the health system is evaluating additional security precautions specifically for portable devices. Fourth, the health system is reviewing security-awareness training to further emphasize to all employees the importance of safeguarding PHI.
Affected patients are invited to call toll free, from 9:00 am to 6:00 pm (Eastern Time) Monday through Friday, to get answers to their questions or get help with any related concerns.