Wright-Patterson Medical Center in Dayton, Ohio, notified 3,800 patients after a notebook was left overnight in a conference room and recovered the next morning behind a chair, apparently after being dropped, according to the Dayton Daily News. Names and Social Security numbers on sign-in sheets were among the information on the notebook.
Even though the notebook was recovered, this is still a HIPAA breach. Why? Because the device was not secured overnight. Incidents such as this should server to remind each and every provider of the importance of maintaining security on every mobile devices. In addition had the notebook computer been encrypted with a method that was compliant with NIST 140-2 the medical center would not have been required to notify the 3,800 patients.
This is just another reminder that mistakes can happen, and that all providers need to be aware of all media, and that it is in the best interest of medical providers to ensure that all media is properly and thoroughly encrypted.