The Mankato Clinic notified 3,159 patients of a breach of unsecured protected health information after discovering the following event:

• November 2nd the Mankato Clinic was notified that a laptop computer belonging to an employee was stolen out of a vehicle sometime between November 1st and 2nd; the laptop contained a spreadsheet which included personal health information of 3,159 patients and is considered a breach of unsecured protected health information.

• Patient information involved includes; patient’s full name, date of birth, medical record number, healthcare provider’s name, encounter date, and diagnosis information. Fortunately, Social Security numbers and addresses were not included in the information. Log-in access to the computer was password protected. This breach did not include the Mankato Clinic’s electronic health record.

“The Mankato Clinic understands the importance of safeguarding our patients’ personal health information and takes this responsibility very seriously. We have safeguards in place to ensure the privacy and security of all patient health information. To further mitigate this situation the Mankato Clinic is implementing encryption software to all mobile computers, establishing a more stringent mobile computing device security policy and a mandatory staff education program related to improving privacy protection measures,” comments Randy Farrow, CEO of the Mankato Clinic. “The Mankato Clinic regrets that this incident occurred and we sincerely apologize to our impacted patients for this situation and are doing everything possible to rectify the circumstances”.

Patients impacted by this information breach will receive a letter by mail detailing the situation. The Mankato Clinic has trained staff available for those patients to call with any questions related to the data breach. Patients may call 1-800-657-6944 – extension 8633, or 625-1811 extension - 8633 during normal business hours, Monday – Friday from 8am – 5pm, the Clinic is closed on December 24th. No steps by the patients are suggested to protect them from potential harm resulting from the breach of this personal health information as the data involved in this breach did not included any financial information.