No encryption means HIPAA breach for 45K
'We have taken steps to enhance our security'
Some 45,000 people are getting HIPAA breach notification letters after a mental health provider failed to encrypt laptops containing clients' medical data and Social Security numbers.
Aspire Indiana, a mental health organization located in central Indiana, has notified 45,030 of its clients and employees after several unencrypted laptops were stolen from its administrative office on Nov. 7.
Following an investigation of the incident, Aspire officials determined emails on the laptops contained clients' and employees' Social Security numbers, names and addresses. Of those notified, 1,548 had their Social Security numbers compromised. The laptops also contained personal health information of Aspire clients. Health information Aspire collects includes data on HIV care, substance abuse treatment and mental health services.
"Our organization is committed to maintaining the privacy and security of the personal information in our control, and we sincerely regret this incident occurred," said Aspire's president and CEO Rich DeHaven, in a public notice. "We have taken steps to enhance our security, including upgrading our alarm and security systems."
Healthcare IT News has reached out to Aspire for more details of the breach, but organization officials did not respond by publication time.
According to data from the Department of Health and Human Services, more than 41 million people have had their protected health information compromised in a reportable HIPAA privacy or security breach. A whopping 54 percent of those breaches involved the theft of unencrypted devices, laptops or paper records.