Indiana HIPAA breach involves 29,000

Employee laptop stolen from home

The 70-bed Gibson General Hospital in southwest Indiana announced a data breach Friday involving the personal health information (PHI) of some 29,000 patients. 

According to a company statement, an unencrypted laptop containing the PHI of the patients was stolen from an employee's home Nov. 27. Patient names, addresses, Social Security numbers and/or clinical treatment data was contained on the laptop. 
 
[See also: U of Michigan Health System, Omnicell report patient data breach.]
 
"There is no evidence to believe that the data on the laptop was the target of the theft or that any information has been or will be accessed for fraudulent purposes," said Emmett Schuster, president and CEO of Gibson General Hospital. "Protecting our patients' personal information is a priority at Gibson General Hospital, and we deeply regret that this occurred," Schuster said. He added that the hospital would continue to review policies and procedures to implement additional safeguards of patient privacy and PHI. 
 
Officials say the laptop could contain patient information from as far back as 2007, the year the hospital implemented its electronic health record system. 
 
Gibson General is offering a one-year theft protection membership to patients affected.