Lost mobile device impacts 1,800 home infusion patients

The loss of an unencrypted handheld Palm device in the Continuum Home Infusion unit of the University of Virginia Medical Center has resulted in a data breach of protected health information. More than 1,800 patients or potential patients were affected.

The device had information on patients who received home infusion services during September or who were referred to Continuum for services from August 2007 through September 2012.

The university learned on Oct. 5 that the device was missing, according to statements to patients and the media. Information on the device included names, addresses, diagnoses, medications and insurance identification numbers that included “some” Social Security numbers. No financial information was on the device.

According to a notice posted about the breach, the organization has "been unable to locate the handheld device, but we have no reason to believe that the information on it has been accessed or used. However, out of an abundance of caution, we began notifying affected patients on Nov. 30, 2012. We have also established a dedicated call center for patients with questions... We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we have re-educated our staff regarding the importance of safeguarding protected health information and electronic devices containing protected health information."

According to other reports, the hospital will pay for one year of credit monitoring services for those with compromised Social Security numbers.