SickKids notifies study participants
of stolen laptop
The Hospital for Sick Children (SickKids) has notified patients who
participated in 10 different research studies about a stolen laptop that
contained their personal health information. The laptop was stolen on
January 4, 2007 from the car of a physician who was doing data analysis.
SickKids reported the incident to Ontario’s Information and Privacy
Commissioner (IPC) and is working in full cooperation with the IPC in an
independent review of this incident.
According to a report in the Canadian Press, a doctor with the hospital,
who is also a researcher there, took a laptop from work, intending to
analyze some data at home. The laptop was stolen when the doctor’s
minivan was burglarized in a Toronto parking lot.
While the laptop contained information about 2,900 patients, the
computer was password protected and it is not likely that the data could
be easily understood by someone who lacks clinical training, the
hospital said. Patient care is not affected by this incident, since the
stolen laptop contained research data and not patient charts.
The studies involved patients in the rheumatology, endocrinology,
infectious diseases and cardiac program. Many of the patients in the
cardiac studies were treated in the cardiac program at SickKids as
children. Notification letters were sent to study participants who are
active patients. In certain circumstances, patients were notified in
person at clinic appointments.
SickKids said it is committed to the protection of patient privacy. It
is working with the IPC on a review of applicable policies and practices
to ensure appropriate privacy and security safeguards are in place and
that they are clearly and consistently communicated to hospital staff.
On a related note, Ontario’s privacy commissioner, Ann Cavoukian
(pictured above), warned that hospitals
and businesses need to do a better job of ensuring personal information
doesn’t fall into the wrong hands – especially with the growing use of
mobile information devices like laptops, BlackBerrys and other PDAs.
SickKids is developing a policy to ensure personal health information
that’s stored in a location other than on its secure servers – a laptop,
for instance – is either encrypted or carries no personal identifiers.
Cavoukian said she’s urging all hospitals, businesses and government
departments to adopt similar restrictions, and applauded hospital
officials for taking action.