Patient Information Stolen from Employee’s Car

March 4, 2010

WINSTON-SALEM, N.C. – A bag containing a paper document with the names and Social Security numbers of 554 patients of Wake Forest University Baptist Medical Center was stolen from an employee’s locked car on Feb. 15.

All of the affected patients have been notified by mail, and Wake Forest Baptist has arranged for professional monitoring of financial and credit-related activity that could indicate possible misuse of the information. The activity will be monitored for one year at no cost to the patients affected. The service also includes addressing any problems that arise from the misuse of the personal information. Wake Forest Baptist will also maintain a telephone hotline for these patients.

“We deeply regret this incident and the inconvenience that this situation presents for these patients,” said J.T. Moser, Wake Forest Baptist’s chief privacy officer. “Our intention now is to prevent any harm to these patients as a result of the theft, and to take steps to reduce the likelihood that this kind of loss will happen again.”

The document was in a designer tote bag. Investigators believe that the bag was the target of the theft and that the document was inadvertently taken. The list did not contain details of the patients’ medical conditions.

The theft occurred in the parking deck of an off-campus outpatient clinic. The employee had taken the document home for work purposes, and upon returning to the office the employee left the bag in the car. The break-in was discovered later in the day. Once the employee verified that the bag was missing, Medical Center privacy officials were immediately notified and the theft was reported to the Winston-Salem Police Department.

Moser said that the Medical Center has policies about the handling of patients’ protected health information. However, he said, “We are currently reviewing our existing policies for any updates or improvements that might be necessary, and we intend to increase employee awareness and our enforcement of these policies.”

Although the employee in this incident reported the theft as soon as it was discovered, Moser said that current policy mandates that employees keep protected information secure at all times, and unfortunately that was not done in this case. As a result, he said, the Medical Center is taking “appropriate action.”

Media Relations

Mark Wright: news@wakehealth.edu, 336-713-4587

Bonnie Davis: bdavis@wakehealth.edu, 336-713-1597