Palo Alto Non-Profit Responds to Theft of Medical Records

As word continued to spread Monday of the theft of sensitive personal information from a Palo Alto non-profit that works with emotionally troubled and developmentally challenged children, some parents double-checked their bank and credit card statements for signs of identity theft or fraud.

Palo Alto police said Monday that -- so far -- no one had reported any unusual credit activity or other evidence that information that had been entrusted to the Children's Health Council was being used illegally.

"If someone started using the information, that would provide us with a wealth of leads," said Sgt. Ron Watson, who confirmed their investigator doesn't have any suspects. "It's good and bad, of course. It's good for an investigation and bad for the person whose identity is used."

Police said they were in the process of interviewing anyone who had access to the computer hard drive and backup tape that contained the data.

That was little solace to parents with children who currently or previously have received services at the Children's Health Council or attend its school. They said they felt extremely vulnerable and wondered if the information, which was reported stolen after the Labor Day weekend, had been appropriately secured.

"We may not know about this for years -- my son has no credit," said a Campbell woman whose son has long attended CHC. "Frankly, it's scary, and I feel violated."

The stolen data contained birth dates and Social Security numbers as well as psychiatric, health and financial information for about 5,000 clients, and payroll information for about 700 past and present employees.

A Los Altos woman, whose son just graduated from CHC, said she was checking to see if anyone had accessed her son's bank account.

"I'll check and check again -- big time," she said. "It makes us feel so vulnerable."

She said the CHC incident isn't her first run-in with potential identity theft; some charts had recently been stolen from a doctor's office she worked in, and someone once stole her confidential information to go shopping at J.C. Penney, the woman said.

"This stuff seems like it's going on all over."

A survey by the Federal Trade Commission showed there were 635,000 reports of identity theft last year, with losses of $547 million. A recent study by a Bay Area consulting firm placed that number far higher: more than 9 million victims annually, according to Javelin Strategy and Research. Local examples abound. For example, two computers with confidential information on 185,000 current and former patients were stolen in March from San Jose Medical Group. The disk was later recovered, and a former employee was charged.

Officials and police said the computer drive stolen from the Children's Health Council was taken sometime between Sept. 3 and Sept. 7 from a locked computer room with no windows, located within a locked and alarmed building. There were no signs of forced entry. Nothing else seemed to have been taken.

Since the theft, CHC has installed extra security measures, according to Stephen Joffe, executive director.

The lock on the room has been changed. The number of people with a key to it has been reduced from about 15 to three. A keypad alarm system in the room has been installed.

CHC officials are also considering installing security cameras and thumb print locks.

Still, some parents interviewed were unhappy such precautions hadn't been in place sooner.

At least two parents said they also were upset that they found out about the theft from news reports Monday. The agency sent out letters to parents late last week, Joffe said.

(c) 2005 Associated Press