UCLA reviewing policies after patient information was stolen

The UCLA Health System is reviewing its policies after the system announced that the personal information for 16,288 patients was contained in an external hard drive that was stolen in an early September home invasion.

According to the system, the information was encrypted, but the password needed to de-code the information was written on a piece of paper near the hard drive and had not been found. The documents were said to have included first and last names, and may have also included birthdates, medical record numbers, addresses and medical record information—but not Social Security numbers.

“UCLA is reviewing its policies and procedures and will make any necessary revisions to help reduce the likelihood of such an incident occurring again,” said a Nov. 4 news release, which also noted that there is no evidence suggesting that the information has been accessed or misused. “UCLA's concern for its patients is absolute, and we deeply regret any breach of patient confidentiality and the stress and concern it might cause our patients.”

The system has hired Kroll, a New York-based, risk-consulting company, to offer assistance to those affected by the incident. In July, UCLA agreed to pay $865,000 to settle previous Health Insurance Portability and Accountability Act (HIPAA) complaints.