PORTLAND, Ore. - Providence Health System said thieves have once again walked away with carelessly handled records containing patients' personal data, this time in Washington state. 
The security breach is on a smaller scale than the one announced in January. 

Then, the company said a car burglar had stolen computer disks and tapes holding records on 365,000 patients across Oregon and Washington.

In the latest thefts, the company announced Monday that in two car break-ins, one on Feb. 27 and the other March 3, thieves took laptops containing records on 122 hospice and home-care patients in Snohomish County, Wash.

The employees involved were not following company policy, which requires hospice and home-care practitioners to keep laptops containing patient records within view at all times, Providence officials said.

"It's very frustrating," Greg Van Pelt, senior vice president and chief regional operating officer, told The Oregonian. "We've had in-services on this. We've confirmed that with our managers. The policy is clear."

In one case, Van Pelt said, a health care practitioner left a laptop in a car parked outside a care center while visiting a patient. Another left a laptop in a car while running into a store.

"They are learning from our Oregon situation," said Marcia Williams, a Providence spokeswoman in Portland.

Providence said it would provide free identity and credit restoration and monitoring services to every affected patient.

None of the stolen records so far appears to have been used by criminals.

While not defending the recent security lapses, Van Pelt said the circumstances were "very different" from the theft of 365,000 records, which the company's home-services division was storing at employees' homes for emergency backup.

The stolen laptops were being used by home care and hospice nurses to chart records on the patients they visit each day.

"These were not databases," Van Pelt said. "People downloaded specific information they need to see their caseload for the day, then they upload to the network at the end of the day."

Since the thefts, Van Pelt said the company has begun adding encryption to home-care practitioners' laptops to lock out unauthorized users.

(Originating URL = http://www.katu.com/news/story.asp?ID=83895 )