Another day, another breach. This time it's California-based DaVita HealthCare Partners that recently reported an unencrypted laptop containing patient protected health information was stolen from an employee's vehicle.
DaVita, a division of DHP, reportedly maintains a business-wide encryption policy, but the encryption of this laptop was "unintentionally deactivated," according to a DaVita news release.
[See also: Nosy employees? Follow the audit trail.]
Patients names, clinical diagnoses, insurance and claims data for some 11,500 patients were contained on the laptop. Moreover, for 375 of those patients, the information stored on the laptop included Social Security numbers.
"We sincerely apologize for any inconvenience or concern this incident may cause our patients," said DaVita spokesman Skip Thurman, in a Nov. 5 release announcing the breach. "DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures."
HealthCare Partners, a managed care company that bought DaVita in 2012, also reported a similar HIPAA breach in 2011 when 19 unencrypted laptops were stolen from one of its facilities.
[See also: Ready or not: HIPAA gets tougher today.]
Since 2009, when the HIPAA privacy and security rules went into effect requiring HIPAA-covered entities notify HHS for breaches involving more than 500 individuals, some 27 million individuals have had their protected health information compromised.