EMS patient data is stolen

June 21, 2006

By Nancy McCleary, Staff writer


A portable computer containing the personal information of more than 24,000 people was stolen from a Cumberland County ambulance June 8.

The computer contained the information of 24,350 people treated in the past year by Cumberland County Emergency Medical Services.

Cape Fear Valley Health System, which operates the EMS, has notified the N.C. Attorney General's Office and mailed letters to the affected people, urging them to monitor bank and credit card accounts, said Clinton Weaver, a spokesman for the health system.

"We're treating this incident seriously," he said. "We know the importance of patient confidentiality, and we're looking at ways to prevent this in the future."

The computer contained the names, addresses and birth dates of all the patients treated since August 2005 and the Social Security numbers of about 84 percent of those patients, Weaver said. Limited medical information for 11 patients was also stored on the computer, he said.

"Fortunately, the information was protected by two independent passwords," says the letter that was sent to patients. "Therefore, we have no reason to believe that the data contained on the computer has been accessed or compromised."

The stolen computer, a HP Rugged Tablet PC tr3000, is a tablet style computer. It is similar to a laptop computer but it is operated with a touch screen instead of a keyboard and mouse.

The computer was taken while a two-person ambulance crew based at the Eastover Volunteer Fire Department was taking a meal break at Kinlaw.s restaurant on Sapona Road, Weaver said. He would not identify the crew members.

The crew had left the ambulance unlocked, Weaver said.

"It has been strongly reinforced that it's important for the vehicle to be locked," he said.

Once the medical workers realized the computer was missing, they retraced their steps but could not find it.

Weaver said disciplinary action will be taken against the crew. He would not say what specific action would be taken but said it could range from a verbal reprimand to termination.

Each ambulance contains a computer. Information from the computer is transferred to a health system server at the end of each work shift, Weaver said, but it is also retained on the computer.

Some of the data must be reported to state officials, Weaver said, and other data is linked to the health system.s billing system.

Weaver said the ambulance service usually transports about 27,000 patients a year.

The health system was required to notify the state attorney general under the state's Identification Theft Act of 2005, Weaver said. The Attorney General.s Office recommended mailing letters to the patients, Weaver said.

In addition, the health system has contacted local law enforcement and national consumer credit reporting agencies including TransUnion, Equifax and Experian.

"We would recommend that you remain vigilant in reviewing your account statements and credit status," the letter says.

main page ATTRITION feedback