Northside Hospital, Inc.

A password-protected, unencrypted laptop was lost or stolen when a Northside Hospital (NSH) workforce member inadvertently left it on the hood of her car while parked. The laptop contained the electronic protected health information (ePHI) of 4,879 individuals. The ePHI involved in the breach included patients’ names, account numbers, billing dates, diagnoses and/or diagnosis codes, and lab results. The covered entity (CE), NSH, provided breach notification to HHS, affected individuals, and the media and provided substitute notification. Following the breach, the CE encrypted all its ePHI. As a result of OCR’s investigation, the CE also revised its HIPAA policies reguarding mobile devices and breach notification, and implemented other safeguards.
Location of breached information: Laptop
Business associate present: No