A computer containing records of former cancer patients at Williamson Medical Center was stolen late last month from a Cincinnati company that helps the hospital manage its cancer registry data.
The hospital announced yesterday that it has mailed letters to about 1,000 former cancer patients informing them of the theft and the possible breach of their private health records.
The computer, containing records from five hospitals including Williamson Medical, was stolen in a Nov. 23 burglary of the offices of Electronic Registry Systems Inc. of Cincinnati. Other hospitals affected are in Georgia, Pennsylvania and Ohio.
Law enforcement authorities investigating the theft see no indication that it was motivated by an intent to steal patient information or data that can be used for identity theft. However, the files included health information as well as social security numbers, birthdates and addresses. The computer is password-protected and a user would require technical knowledge to decipher the files.
"At Williamson Medical Center, patient confidentiality is a priority, and health information is vigilantly protected," hospital CEO Dennis Miller said in a press release. "Therefore, as part of the business agreement with us, ERS agreed to comply wholly with the Health Insurance Portability and Accountability Act."
HIPAA is a federal law that seeks to protect patient health information.
"If we find that ERS was not compliant with HIPAA, the contract will be terminated immediately and all information will be retrieved," Miller says. "Unfortunately, that will not relieve the worry for our cancer patients who may be affected, which we deeply regret."