Children's Health has paid an almost $3.2 million federal penalty after a multiyear investigation into patient data privacy breaches.
Scott Summerall, a spokesman for the health system, said Thursday that the Children's Medical Center of Dallas self-reported the breaches that were part of the federal investigation. He said hospital administrators don't think the stolen data has been used in a way that has negatively affected patients or their families.
"We have also enacted many levels of protection across our variety of devices. We train our colleagues on the importance of protecting patient information, and the methods by which they do so," he wrote in an emailed response to questions from The Associated Press.
The U.S. Department of Health and Human Services Office for Civil Rights said Wednesday that the finding against the hospital was the result of "impermissible disclosure of unsecured" health information. The hospital self-reported the loss of three devices, two of which contained patient data.
According to the report, a BlackBerry containing unencrypted patient information for 3,800 individuals was lost at the Dallas-Fort Worth International Airport in 2009, and an unencrypted laptop containing information for almost 2,500 patients was stolen from the hospital in 2013.
"Children's issued unencrypted BlackBerry devices to nurses and allowed its workforce members to continue using unencrypted laptops and other mobile devices until 2013," according to the statement published on the Health and Human Services' website.
Summerall said the system decided to pay the fine rather than contesting the determination because it would be a "long and costly distraction from our mission to make life better for children."
