ELYRIA — The Elyria Police Department is working to obtain the computer left behind by a local doctor that is now in the hands of a Wakeman woman.
Elyria Capt. Chris Costantino said the department is not involved because of anything criminal, but it will reach out to 35-year-old Jennifer Goldauskas in hopes of acquiring the computer and ensuring personal medical records are erased.
Goldauskas came to possess the computer from the former office of Dr. Chuka Onyeneke when the family doctor moved from Cleveland Street to North Abbe Road. The computer was left in the Cleveland Street office, which was home to his office for more than 15 years.
The owner of the building had the office cleaned, and Goldauskas’ fiance salvaged the computer. They quickly discovered it contains a massive amount of patient information dated between January 1996 and December 2012.
A call from a woman who believes her information was stored on the computer prompted the police to get involved.
“We just want to make sure the hard drive has been cleared and if she needs help in doing that we can assist with that,” Costantino said. “Naturally, people are concerned with the information that is out there and we just want to alleviate some of those concerns.”
Goldauskas said she thought the computer was wiped clean before she received it and decided to come forward instead of finding Onyeneke and returning the computer because she found it to be a major breach of patient privacy.
Her information also was stored on the computer, which she learned when she brought the computer to The Chronicle-Telegram to verify that the records were there.
It is unknown at this time if Onyeneke will face any fallout because of the federal law known as the Health Insurance Portability and Accountability Act of 1996. The HIPPA law gives patient the right to have their medical information protected with care taken to ensure it is not given out to anyone without permission.
Onyeneke has said he did not realize a computer had been left there, and that he thought the information all was password protected.
Rachel Seeger, spokeswoman with the U.S. Office of Civil Rights, said in an e-mail that the federal office could not opine on whether the incident constitutes a HIPPA violation.
The message did explain some of the nuances of the law. It said, following the discovery of a breach of unsecured protected health information affecting 500 or more individuals, a HIPAA covered entity is required to notify all affected individuals and the secretary of Health and Human Services within 60 days. If the breach affects more than 500 persons, the media must also be notified.
Penalties for HIPPA violation are based on three-tier system that looks at culpability. The penalties range from $100 per violation up to $50,000 percent violation.
People who believe their health information privacy rights have been violated can file a compliant online.
The Office of Civil Rights enforces the HIPPA privacy rule and investigates violation claims.