If your LSUHSC-NO issued laptop containing PHI has been stolen, what is your next step?

The situation involves the theft of a laptop containing Protected Health Information (PHI), which raises serious concerns about data security and compliance with regulations such as HIPAA. In this case, the most appropriate step is to take immediate action by notifying both local law enforcement and the Privacy Officer.

Notifying law enforcement is essential because it helps document the crime, potentially facilitating the recovery of the stolen property and ensuring that proper investigations can take place. This step is critical for accountability and to establish a record of the incident.

Simultaneously, notifying the Privacy Officer is crucial for compliance purposes. The Privacy Officer is responsible for managing and safeguarding PHI, and they need to be aware of any breaches to take necessary actions to mitigate potential harm. They can initiate notifications to affected individuals and assess whether additional steps are needed to comply with legal obligations regarding data breaches.

Therefore, taking both actions is the best practice to protect the organization and individuals affected by the breach of sensitive information.