Committee on Energy and Commerce, Democrats Home Page
Who We Are Schedule What's New
Magnify Text
none | +1 | +2
In This Section
» View by Date

View by Subject:
» Air Quality
» Commerce and Trade
» Consumer Protection
» Energy
» Environment and Hazardous Materials
» Health
» Oversight
» Telecommunications
Contact Information

Committee on Energy and Commerce
2125 Rayburn House Office
Building, Washington, DC 20515

Phone: (202) 225-2927

Contact Us  »

Home »

View Printable Version
Outline of the top of the U.S. Capitol Dome

 

NEWS RELEASE

Committee on Energy and Commerce
Rep. John D. Dingell, Chairman

For Immediate Release: March 24, 2008
Contact: Jodi Seth or Brin Frazier, 202-225-5735

 

Committee to Probe Breakdowns in NIH Security

Dingell, Stupak Launch Investigation into “Stunning Failure” to Protect Patients’ Personal and Medical Information

Washington, D.C. – Rep. John D. Dingell (D-MI), Chairman of the Committee on Energy and Commerce, and Rep. Bart Stupak (D-MI), Chairman of the Subcommittee on Oversight and Investigations, today announced they are opening an investigation into operations within the Department of Health and Human Services (HHS) and National Institutes of Health (NIH) following the theft of a government laptop containing sensitive medical information of 2,500 patients enrolled in an NIH study. Although the laptop was stolen on February 23, NIH officials made no public comment about the theft and did not send letters notifying the affected patients until March 20. The patients’ personal and medical information contained on the laptop was not encrypted, in violation of the government’s data-security policy.

“The stunning failure to act, by both NIH and HHS, raises troubling questions,” said Dingell. “One of the key questions is why these agencies took so long to inform clinical study participants that their personal and medical information has been compromised. There has been a clear violation of government policy, as well as a failure to protect sensitive information and alert those affected by this security breach. The Committee will exercise vigorous oversight to ensure NIH and HHS protect the security of patients participating in clinical studies. We will be seeking information to determine what safeguards are in place, where the system broke down and how best to fix it. Additionally, we are curious as to what the Institutional Review Board will do now to protect its patients and plan to determine whether all NIH IRBs have policies in place to address this type of security breach.”

“It is troubling that yet another government agency has failed to protect their computers resulting in the loss of sensitive medical records for 2,500 patients,” said Stupak. “The theft of a government laptop from an NIH employee and the subsequent mishandling of the situation raise serious questions about the agency’s commitment to data security. The Committee will investigate this incident and find out why the most basic security procedures were not followed.”

- 30 -

Prepared by the Committee on Energy and Commerce
2125 Rayburn House Office Building, Washington, DC 20515