updated 4/3/2008 6:12:00 PM ET 2008-04-03T22:12:00

If there's one person whose medical records you wouldn't want to lose track of, it's the co-chairman of the congressional caucus that focuses on protecting consumers' privacy.

  1. Don't miss these Health stories
    1. Splash News
      More women opting for preventive mastectomy - but should they be?

      Rates of women who are opting for preventive mastectomies, such as Angeline Jolie, have increased by an estimated 50 percent in recent years, experts say. But many doctors are puzzled because the operation doesn't carry a 100 percent guarantee, it's major surgery -- and women have other options, from a once-a-day pill to careful monitoring.

    2. Larry Page's damaged vocal cords: Treatment comes with trade-offs
    3. Report questioning salt guidelines riles heart experts
    4. CDC: 2012 was deadliest year for West Nile in US
    5. What stresses moms most? Themselves, survey says

But that's whose medical records went missing.

Rep. Joe Barton was one of 3,000 patients whose records may have been breached when a National Institutes of Health laptop was stolen in late February from the trunk of a vehicle.

Barton was enrolled in a cardiac study, and the password-protected records on the computer contained patient names, diagnoses of heart disease, MRI heart scans and birth dates — but not Social Security numbers, addresses or phone numbers.

Ironically, Barton is one of the founders of the Congressional Privacy Caucus, which has as its mission the education of members of Congress and their staffs on matters of individual privacy. One of its first forums in 2001 was titled: "Has Your E-mail Been Bugged?"

The Texas Republican learned of the potential breach through press reports March 24. Democratic colleagues alerted him that day that the House Energy and Commerce Committee would be investigating the matter. He had no idea that he had a personal stake until a Fed-Ex parcel arrived at his Texas home four days later notifying him that his records were lost.

"I was stunned," said Barton, the ranking Republican on the Energy and Commerce panel. The committee has jurisdiction over many of the health issues that come before Congress.

Barton had a heart attack in December 2005.

Barton said he's already sensitive to privacy concerns, and that this incident will make him more aggressive in pushing legislation to increase privacy protections. "Maybe it's a sign from heaven that the time for this type of legislation has arrived," Barton said.

Barton said his case raised numerous questions that could be addressed through legislation.

"The information was not encrypted. I don't believe it was supposed to be left unattended. I don't believe it was supposed to be left outside the building," he said. "There are a whole lot of things that shouldn't have happened."

The laptop, which had been in the possession of an NIH researcher, is still missing.

Barton and a Republican colleague on the committee, Rep. John Shimkus of Illinois, on Thursday asked the inspector general for the Health and Human Services Department to investigate why the personal data on the laptop was not encrypted and why the NIH delayed disclosure of the breach.

"In the interest of protecting the NIH's ability to recruit future participants for clinical trials, we believe there should be an examination — independent of any NIH internal review — of the circumstances surrounding the February 2008 theft, why the information was not encrypted and why the NIH delayed disclosure for almost a month."

Health and Human Services Secretary Mike Leavitt made a similar request Thursday and also talked to Barton about the case.

Christina Pearson, spokeswoman for the department, said officials regret any hardships that the loss of the records may have caused. While it's too soon to speak about legislation, she said the department was conducting an investigation to determine the facts in the case.

"We're committed to making sure similar incidents do not occur in the future," Pearson said.

Among those steps will be to instruct staff on policies concerning data security and the importance of adhering to those policies, she said.

Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments