The two affiliated Pennsylvania Medicaid managed care plans that recently reported the loss of a hard drive containing records of more than 285,000 enrollees say they have been working to encrypt all company data, especially information on devices that could potentially leave company headquarters. But, according to the Philadelphia Inquirer, they "make no apology" for their policy of transporting personal health data to community health fairs.

"By having this information readily available, we are able to save lives," Donna Burtanger, vice president of communications for Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan told the Inquirer.

But the initiative to encrypt data hadn't been finished on Sept. 20, when a flash drive with patient-specific information of 285,691 Medicaid beneficiaries went missing, a breach the companies didn't publicly announce until nearly a month later. "That flash drive was never intended to leave the building," according to Burtanger.

Patient Privacy Rights Foundation head Dr. Deborah Peel, contacted by the Inquirer, says it was "grossly irresponsible" to bring patient-specific health information to outside events. Burtanger defends the practice, calling it critical to the company's mission. "We believe this information is so vital that we need to have access to it in the field," the spokeswoman says.

To learn more:
- check out this Philadelphia Inquirer follow-up

Related Articles:
Lost hard drive puts data on 280,000 Medicaid enrollees at risk
Slideshow: 10 Egregious Patient Privacy Breaches
Confidentiality breach: Hospital sent patient records to auto shop
Data breaches: Another opportunity for bad publicity