Notice to Patients Regarding Stolen Thumb Drive

The Duke University Health System (“DUHS”) is committed to safeguarding the security and confidentiality of our patients’ information.  Regrettably, the following information details a privacy breach affecting certain patients treated in the Duke Children’s Health Center and Lenox Baker Children’s Hospital from December 2013 to June of 2014.  

On July 1, 2014, we learned that an unencrypted thumb drive containing patient information was stolen, along with other items, from a DUHS administrative office earlier that same morning.  We immediately contacted law enforcement and began a thorough investigation to identify the information included on the thumb drive.  Our investigation determined that the thumb drive contained spreadsheets that included patients’ names, medical record numbers, physicians’ names, and in some instances, the names of certain Duke University Hospital locations visited.  The spreadsheets did not include any social security numbers, clinical information or financial information.  No medical records were included, and this incident will not affect patient care. To date, law enforcement has been unable to locate the thumb drive. 

We have no reason to believe that the information on the thumb drive has been used in any way.  However, out of an abundance of caution, we began notifying patients on August 29, 2014 and have established a dedicated call center to answer any questions that potentially affected patients may have.  If you believe you are affected but have not received a letter by September 19, 2014, please call 1-866-819-2163, Monday through Friday, between 9:00 am and 9:00 pm Eastern Daylight Time. 

We deeply regret any inconvenience this may cause our patients.  To help prevent something like this from happening in the future, we are enhancing our encryption processes and re-enforcing staff education on the use of encryption and the importance of handling patient information securely.