Rep. Markey Questions Lack of Encryption, Notification Delay

WASHINGTON, D.C. – Representative Edward J. Markey (D-MA), co-chairman of the Bi-Partisan Congressional Privacy Caucus, pressed Secretary of Health and Human Services Michael Leavitt today for more information about the theft of a National Institutes of Health (NIH) laptop containing sensitive medical information on 2,500 patients. The theft was reported by the Washington Post this morning.

"Personal medical data is among the most private information we have about ourselves. Today's reported theft raises serious questions, and I look forward to receiving a full explanation of the significant missteps that occurred here and the measures that will be taken to prevent future breaches," said Rep. Markey.

Rep. Markey's letter asks for a prompt response to several detailed questions, including:

  • Why was the information contained on the laptop not encrypted?
  • Why were individuals whose personal information was breached as a result of the laptop theft not immediately notified? 
  • What steps will the Department take to ensure that all personally-identifiable information maintained by the Department and its contractors is secured in compliance with federal requirements?
  • What assistance will the Department provide individuals whose personal information was breached as a result of the laptop?
  • What breaches have occurred in each of the past 3 years and how has the Department responded?

"The NIH embodies our country's hope for treating or curing debilitating diseases like heart disease, Alzheimer's, cystic fibrosis, diabetes, cancer and so many other illnesses that American families battle every day. The handling of this data theft not only violates the trust of study participants but may also undermine efforts to enroll participants in future clinical trials important to public health and research," concluded Rep. Markey.

Rep. Markey has co-authored, with Representative Rahm Emanuel (D-IL), legislation to promote the use of information technology within our health care system while protecting the privacy and security of Americans' personal medical information. The legislation, the Technologies for Restoring Users' Security and Trust (TRUST) in Health Information Act, is H.R. 5442.

Full text of Rep. Markey’s letter to Sec. Leavitt is available HERE.

March 24, 2008

CONTACT: Jessica Schafer, 202.225.2836