The trusted source for
healthcare information and
Patient data stolen with NIH laptop
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health (NIH) study was stolen in February, according to a recent report in The Washington Post.1
The newspaper reports that the security breach has the potential to exposing seven years' worth of clinical trial data, including names, medical diagnoses, and details of the patients' heart scans. The information was not encrypted, a violation of the government's data security policy, the newspaper says.
NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until the newspaper revealed the theft almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.
The handling of the incident is reminiscent of a 2006 theft from the home of a Department of Veterans Affairs (VA) employee of a laptop with personal information about veterans and active-duty service members. In that case, VA officials waited 19 days before announcing the theft.
The incident is the latest in several failures by government employees to properly secure personal information. The Government Accountabil-ity Office recently found that at least 19 of 24 agencies reviewed had experienced at least one breach that could expose people's personal information to identity theft, according to the newspaper.
NIH officials said the laptop was taken Feb. 23 from the locked trunk of a car driven by an NIH laboratory chief Andrew Arai, who had taken his daughter to a swim meet. Arai oversees the institute's research program on cardiac magnetic resonance imaging (MRI) and signed the letters to those whose data were exposed.
In the letter, Arai told the patients that "some personally identifiable information" was on the stolen computer, including names, birth dates, hospital medical record numbers and MRI information reports, such as measurements and diagnoses. Social Security numbers, phone numbers, addresses, and financial information were not on the laptop, officials said.
1. Nakashima E, Weiss R. Patients' data on stolen laptop. The Washington Post. March 24, 2008. P. A1. Accessed at http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753.html.