About 4,000 patients of the University of Michigan Health System may have had their personal health information exposed when a laptop containing confidential records was stolen on November 14.
A laptop stolen from an employee’s car put the information at risk, according to UMHS. The employee works for Omnicell, a vendor of the hospital system that develops medication dispensing software.
The laptop contained personal information including names, birth dates, UMHS patient numbers and medical record numbers for patients seen between October 24 and November 13, 2012.
UMHS said it determined that the Omnicell employee stored the personal data on an unsecured electronic device, violating both UMHS and Omnicell standard policies and procedures.
The risk may also include information such as patients’ gender, allergies, physician name, medication name and medication dose amount.
Omnicell notified UMHS of the security breach on Nov. 20. The laptop contained the personal information of patients from two other hospitals in addition to UMHS.
UMHS is expected to notify patients about the breach over winter break and to encourage them to monitor their insurance statements for fraudulent transactions as a precautionary measure.
“Patient privacy is extremely important to us, and we take this matter very seriously,” Jeanne Strickland, chief compliance officer for UMHS, said in a statement. She added that the hospital will investigate the incident.