HHC said the breach involves a reported theft of electronic record files that contained PHI, personal information, and personally identifiable employee medical information (PIEMI).
The loss of this data, HHC said, occurred through the negligence of a "contracted firm that specializes in the secure transport and storage of sensitive data." In other words, the breach is attributed to a BA of HHC.
An HHC spokesman said in an e-mail to HealthLeaders Media that the van is owned by an information-management company the corporation hired to handle patient records -- GRM Information Management Services, a contracted firm that specializes in the secure transport and storage of sensitive data.
As a result of this theft, HHC said it took additional actions to further secure the transport of backup data off-site, including: