A laptop computer that went missing from a local nonprofit agency contains personal and health-related information of as many as 2,400 current and former clients.
The computer was discovered missing from the offices of Community Services Northwest on Dec. 6 and is believed to have disappeared after Nov. 6.
Community Services Northwest provides mental health and addiction treatment as well as supportive housing to low-income people. Its main office is in the Center for Community Health at 1601 E. Fourth Plain Blvd.; its satellite “Wellness Project” is nearby at 317 E. 39th St.
Staff members believe the laptop was stolen. They filed a police report, but as of yet there is “no indication that any information on the computer has been accessed or used by any unauthorized individuals,” according to a statement from Marjorie Dorsey, the agency’s HIPAA compliance officer. HIPAA is the Health Insurance Portability and Accountability Act of 1996, which governs the privacy of medical information and records.
“According to HIPAA standards, we have a 60-day window from discovery” to notify the public that private data may have been compromised, Dorsey said. That’s why the notice of the Dec. 6 discovery just went out, she said — along with individual letters to everyone that may have been affected.
2,400 possibly affected
Client data from the last four years were on the laptop, Dorsey said. That could mean as many as 2,400 people, she said. The current Community Services Northwest client load is about 1,500 people, she said.
“The missing computer contained emails with personal and health-related information of some current and former CSN clients,” Dorsey’s statement says. “The types of information that may have been included in the emails include name, home address, email address, date of birth, Social Security number, service dates, diagnosis information, and other individually identifiable informa
tion. For most clients, the information that was on the computer did not include all of the various types of information.”
