LabCorp notified the Maryland Attorney General’s Office that a computer had been stolen and that there was a security breach of patient information. The computer was stolen from one of its facilities in North Carolina and it contained patient names, dates of birth, and Medicare subscriber numbers.
LabCorp’s notification states that they notified law enforcement, but they failed to state when the theft actually occurred. And although they disclosed that 115 Maryland residents had data on the computer, they do not report the total amount of how many patients’ personal information was on the stolen computer.
Under the Federal HIPAA (Health Insurance Portability and Accountability Act of 1996) laws, there is the Privacy Rule, a Federal law which gives patients the rights over their health information and sets limits on who can look at and receive such information. The Privacy Rule applies to all forms of protected health information, whether electronic, written, or oral.
The information protected is:
In this case, LabCorp failed to maintain your information properly protected and those who stole the computer from the LabCorp center are able to look at it, pass it on to others and even post it on the internet. To see if your information was on that computer, call the main LabCorp Headquarters by contacting them through email at firstname.lastname@example.org, calling LabCorp at (877) 234-4722 / (877-23-HIPAA) and asking for the LabCorp HIPAA Privacy Officer, or by sending a written request to: HIPAA Privacy Officer, LabCorp, 531 South Spring Street, Burlington, NC 27215.