Privacy advocate’s health data is stolen: Lawmaker’s medical records nabbed along with government laptop
f there’s one person whose medical records you wouldn’t want to lose track of, it’s the co-chairman of the congressional caucus that focuses on protecting consumers’ privacy.
But that’s whose medical records went missing.
Rep. Joe Barton was one of 3,000 patients whose records may have been breached when a National Institutes of Health laptop was stolen in late February from the trunk of a vehicle.
Barton was enrolled in a cardiac study, and the password-protected records on the computer contained patient names, diagnoses of heart disease, MRI heart scans and birth dates — but not Social Security numbers, addresses or phone numbers.
Ironically, Barton is one of the founders of the Congressional Privacy Caucus, which has as its mission the education of members of Congress and their staffs on matters of individual privacy. One of its first forums in 2001 was titled: “Has Your E-mail Been Bugged?”
The Texas Republican learned of the potential breach through press reports March 24. Democratic colleagues alerted him that day that the House Energy and Commerce Committee would be investigating the matter. He had no idea that he had a personal stake until a Fed-Ex parcel arrived at his Texas home four days later notifying him that his records were lost.
“I was stunned,” said Barton, the ranking Republican on the Energy and Commerce panel. The committee has jurisdiction over many of the health issues that come before Congress.
Barton had a heart attack in December 2005.
Barton said he’s already sensitive to privacy concerns, and that this incident will make him more aggressive in pushing legislation to increase privacy protections. “Maybe it’s a sign from heaven that the time for this type of legislation has arrived,” Barton said.
Barton said his case raised numerous questions that could be addressed through legislation.
“The information was not encrypted. I don’t believe it was supposed to be left unattended. I don’t believe it was supposed to be left outside the building,” he said. “There are a whole lot of things that shouldn’t have happened.”
The laptop, which had been in the possession of an NIH researcher, is still missing.
Barton and a Republican colleague on the committee, Rep. John Shimkus of Illinois, on Thursday asked the inspector general for the Health and Human Services Department to investigate why the personal data on the laptop was not encrypted and why the NIH delayed disclosure of the breach.
“In the interest of protecting the NIH’s ability to recruit future participants for clinical trials, we believe there should be an examination — independent of any NIH internal review — of the circumstances surrounding the February 2008 theft, why the information was not encrypted and why the NIH delayed disclosure for almost a month.”
Health and Human Services Secretary Mike Leavitt made a similar request Thursday and also talked to Barton about the case.