Renown Health Discovers PHI was Stored on Lost Thumb Drive

Renown Health, which is Northern Nevada’s biggest healthcare provider, has begun notifying some patients about the potential compromise of some of their protected health information (PHI).

On June 30, 2019, a portable storage device (thumb drive) containing files with patient data was found missing. A thorough search for the thumb drive was conducted in the facility, but the device can’t be located.

The incident was investigated to figure out the types of files contained in the device and the names of patients whose PHI were exposed.

The information contained in the storage device belongs to Renown South Meadows Medical Center patients who obtained inpatient services from January 1, 2012 to June 14, 2019. The files included the following types of information: patient names, medical record numbers, diagnoses, clinical details, admission dates, and doctors’ names. The device did not contain any Social Security number or financial data.

Renown Health advised patients to exercise care and keep an eye of their financial accounts and explanation of benefits statements for potentially fraudulent activity. Renown Health is going to review its policies concerning the use of portable devices like thumb drives. Its employees will also undergo extra training on protecting patient data.

The Department of Health and Human Services’ Office for Civil Rights has not published the data breach yet on its breach portal. The number of patients impacted by the breach is still unknown.

The data breach of this nature is the second that is reported in the last few days. The first involved the breach report of the New York Fire Department involving the missing portable electronic device that contains patients ePHI. The breach affected about 10,000 EMS patients.

These incidents emphasize the great importance of encrypting all portable electronic devices that is used as ePHI storage. In case of loss or theft of the device, the unauthorized person cannot access the ePHI and there will be no data breach.