U.C.L.A. Health System Warns About Stolen Records
By THE ASSOCIATED PRESS
Published: November 4, 2011
LOS ANGELES (AP) — UCLA’s system of hospitals and clinics warned more than 16,000 patients that their personal information was on a computer hard drive stolen in the burglary of a doctor’s home, officials said Friday.
The UCLA Health System sent letters to the 16,288 patients affected, warning them of possible identity theft and giving them contact information for a data security company the system has enlisted for help.
Someone using the documents for identity theft was “very unlikely,” but there was a possibility, the statement said.
“UCLA’s concern for its patients is absolute, and we deeply regret any breach of confidentiality and the stress and concern it might cause,” it said.
The burglary took place Sept. 6 and involved medical records from a four-year period, July 2007 to July 2011.
The warning came nearly two months after the theft because it took that long to identify and locate the patients affected by the burglary, officials said.
The documents included birth dates, addresses and medical record numbers and medical information, but no Social Security numbers or financial information, and no patient’s complete medical records were on the hard drive, officials said.
The information was encrypted but the password was on a scrap of paper near the computer that also was missing. Still, officials said there has been no evidence the records have been accessed.
The statement says the hospitals records policies were under review to help prevent such thefts.
The hospital did not release the name or details about the doctor who was burglarized, but said the person had to maintain the information to perform necessary job duties.
The UCLA system includes Ronald Reagan UCLA Medical Center, Mattel Children’s Hospital, Santa Monica UCLA Medical Center and Orthopedic Hospital, and Resnick Neuropsychiatric Hospital, along with outpatient clinics.
Last year the hospital network agreed to pay an $865,000 settlement for potential violations of federal privacy laws after hospital employees were accused, and some convicted, of crimes for snooping into the medical records of celebrity patients.
In 2008, California Department of Public Health officials found that UCLA hospital workers had inappropriately accessed records of more than 1,000 patients since 2003.
After the 2010 settlement UCLA said it had taken steps over the years to retrain staff and strengthen the security of its computer systems.