Health & Medicine

Stolen Lexington Clinic laptop contained patient information

Six weeks after a medical clinic laptop was stolen, the Lexington Clinic is notifying the public of a privacy breach involving 1,018 patients.

The laptop was stolen Dec. 7 from the clinic's neurology department in St. Joseph Office Park, 1401 Harrodsburg Road. According to clinic officials who are investigating the theft, the laptop was discovered missing Dec. 8. Letters to affected patients were sent last week, and the security breach was made public Monday.

Clinic spokeswoman Amy Lain said it took weeks to pinpoint exactly what information was on the laptop, which was used in conjunction with the clinic's electromyography machine. Clinic officials determined the laptop contained information such as names, contact information and diagnoses gathered from patients as long as five years ago. The stolen laptop did not contain personal financial information such as Social Security numbers, credit card numbers and bank account numbers, Lain said. Officials from St. Joseph Hospital, which runs the office park, said the incident appears to have been an isolated theft.

"We have very stringent security protocols," said Lain, "but these things do happen."

Lexington Clinic sent a letter last week notifying affected patients. Lain said if a patient hasn't received a letter by now, their information wasn't compromised.

There is no evidence that any patient information has been misused, but the Federal Trade Commission suggests the following steps to avoid misuse. Stay alert for signs of identity theft, such as:

■ Accounts you didn't open and debts on accounts you can't explain.

■ Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials and employers.

■ Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time.

■ Receiving credit cards you didn't apply for.

■ Being denied credit, or being offered less favorable credit terms, such as a high interest rate, for no apparent reason.

■ Getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy.

UK HealthCare suffered a similar breach in June when the medical records of 2,000 people were stolen from the Department of Pediatrics Newborn Screening Program. It took nearly two months to notify the public.

UK HealthCare officials said at the time that the need to work with the state Cabinet for Health and Family Services and its inspector general's office accounted for the lag in notifying the public.

UK HealthCare spokeswoman Kristi Lopez said Monday there have been no reports of any private patient information contained in that breach being used for identity theft.