More than 500 patients at the Arizona Counseling and Treatment Services are being notified of a HIPAA breach after a company laptop containing patients' personal health information was stolen from an employee's home, according to a Yuma Sun report.
"Sometime between March the 18th and the 25th, someone broke into an employee's home and stole a work laptop and external hard drive,” Alicia Z. Aguirre, general counsel for Yuma's Arizona Counseling and Treatment Services, told the Sun.
Officials at the counseling group – a contracted provider of Cenpatico Behavioral Health of Arizona – said the drive contained patient names, dates of birth and clinical treatment data. The laptop, they added, contained recovery tracking software.
Since the 2009 breach notification rule requiring that HIPAA-covered entities notify patients following a breach involving 500 or more individuals, the Department of Health and Human Services has investigated some 13 incidents in Arizona that have compromised the personal health information of 257,468 patients.
“The real purpose of breach notification is for covered entities to identify the vulnerabilities that resulted in the breach, (and) remedy those vulnerabilities in an immediate and decisive manner,” said Leon Rodriguez
, Office for Civil Rights Director, at the 2013 HIMSS
Annual Conference and Exhibition. “And also for us to learn from those breach reports where those vulnerabilities are.”
Rodriguez pointed out that, overall, some 65,000 breach reports have been filed with the OCR since 2009.