The theft of electronic equipment from a vendor employee's car has prompted the University of Michigan Health System to alert about 4,000 patients that some of their demographic and health information may have been exposed.
The information should have been stored on an encrypted device but wasn't, system officials said in an e-mailed news release. That marked a violation of the system's agreement with Omnicell, a Mountain View, Calif.-based healthcare information technology services provider. The stolen equipment contained information from patients seen between Oct. 24 and Nov. 13 at two UMHS hospitals as well as information from patients at two other hospitals unnamed in the UMHS release. An Omnicell representative was unavailable for comment at deadline, and no additional information on the incident was available from Omnicell's website.
Data stored on the device included names, birth dates and medical record numbers. Information about admission dates and patients' gender, allergies, doctor's name, medication name and room number may also have been contained on the device. UMHS officials emphasized the data didn't include the patients' addresses, phone numbers, Social Security number or bank and credit card account numbers.
The device, which has not been recovered, was stolen Nov. 14 from an Omnicell employee's car. UMHS was notified six days later, according to the release. The system is in the process of notifying patients via mail and has advised them to check their medical insurance statements for potential fraud. Omnicell is revising its practices in response, the release states. UMHS said it believes the likelihood of fraud is low, as a data key would be needed to understand the stored information.