Rep. Joe Barton (R-Tex.), the ranking minority member on the House Energy and Commerce Committee, revealed yesterday that he is among the approximately 3,000 heart patients whose medical information was potentially exposed to public scrutiny when an unencrypted government laptop was stolen in February from the car of a National Institutes of Health researcher.
In a letter to be released today, Barton asks Health and Human Services Department’s inspector general to investigate the Feb. 23 theft and the agency’s handling of the affair, noting that, “in the interest of full disclosure,” he is personally affected.
Among the questions raised in the letter is whether the NIH has an adequate system for contacting patients affected by such events. Barton and others were not notified of the breach until last week because of agency record-keeping problems. At least one patient said he found out only after contacting the NIH.
Michael Cronin, 42, of Fairfax, said he learned of the problem from a news report and e-mailed four NIH officials before finally gleaning from the agency on March 27 that his records had been on the laptop. He said he was told the agency could not contact him because it had his address wrong.
Cronin, who participated in the seven-year-old study in 2005 and 2006, said the agency had sent him mail in 2006 and that he had not moved since then. “And today they say they had an incorrect address?” he asked.
Similarly unclear is why the computer was not encrypted, as required by federal rules, and why the NIH’s tally of affected patients was initially short by more than 500. The agency said March 21 that 2,500 patients were affected, but on Monday it raised that number to 3,078. NIH spokesman John T. Burklow said yesterday that a “clerical error” was to blame and that letters went out to the last affected people by March 28.
Questions also surround the circumstances of the theft, which occurred from the trunk of the researcher’s car while it was parked for four hours in an open lot in Germantown, according to a Montgomery County police report.
In the report, the researcher asserts that the vehicle was locked. But it also says that “there were no signs of forced entry.”
Two professional insurance adjusters contacted by The Washington Post, who spoke on the condition of anonymity because of the sensitivity of the case, said it is possible, but rare, for thieves to break into cars without leaving a trace.
Owners often report that a car was locked when in fact it was not, one said, because of the perception — generally incorrect — that their claim will be rejected if they admit that the car was unsecured.
Burklow, the NIH spokesman, said that the researcher, Andrew Arai of the National Heart, Lung and Blood Institute, is adamant that the car was locked.