The Hartford Hospital and EMC were fined $90,000 after the theft of a laptop belonging to an employee of EMC Corporation that was said to contain health information on 8,883 Connecticut patients, according to Attorney General George Jepsen’s office.
Although the 2012 theft was immediately reported to authorities following a burglary at the home of the employee of the Hartford Hospital’s contractor, EMC, affected patients were informed at the time of the potential risks they were exposed to.
Both EMC and Hartford Hospital agreed to pay the fine and have concluded that none of the information on the stolen laptop, which is yet to be recovered, has been misused, even though it was stored in unencrypted format.
Following an agreement with the attorney general’s office, the hospital is to continue several training and security measures implemented after the incident. The agreement states that other measures, such as hardware and software encryption and regular employee privacy trainings, will be implemented and reported to the attorney’s office to demonstrate that appropriate measures have been taken to prevent similar incidents.
EMC, originally hired to work on a project aimed at reducing readmissions, states that, although no admission of guilt has been entered, it has fully cooperated with authorities in solving the matter.
“While EMC believes it did not violate any laws, resolving things by agreement was the best course for all involved,” said Katryn McGaughey, EMC spokesperson. “EMC remains fully committed to the privacy and data security of all customers with which it deals.”
Hartford Hospital spokeswoman Rebecca Stewart also stated since 2012, various security measures and procedures have been implemented, not only to improve HIPA (Health Insurance Portability and Accountability Act) compliancy, but also to reassure patients that their health information is protected and securely handled.