digital rights, online privacy and the law

Here we go again: another federal employee’s laptop stolen, this time including private health data of 2,500 patients. Of course, the kickers are that the National Institutes of Health sat on this information for a month and that the data on the laptop *was not encrypted*, which is against their own regulations.

“Almost 2,500 patients taking part in a federal medical trial recently had their private health data compromised when a researcher’s laptop computer was stolen. The National Institutes of Health, which was responsible for safeguarding the data, made things worse by delaying in notifying the patients. This disturbing incident underscores the need for a strong federal law to protect medical privacy and for greater responsibility by those who handle sensitive medical information. In late February, a laptop belonging to a researcher at the N.I.H.’s National Heart, Lung and Blood Institute was stolen from the trunk of his car. It contained information about heart disease patients, including their names, dates of birth and diagnoses of their medical conditions. The data was not encrypted as it should have been, which made it possible for an outsider to read. The N.I.H. waited roughly a month before notifying the patients whose data was lost. The release of this information is serious. Heart patients probably do not want their employers or insurance companies, among others, to know the details of their conditions. The breach is also a setback for medical research. Patients are likely to be reluctant to participate in clinical trials if their privacy is not respected.”

Who’s checking on people with sensitive data? Can people not see the weakest link in that chain?
