A laptop was stolen from the car of an employee. The laptop contained PHI on 4,300 patients and included Social Security numbers. The employee who left the laptop in the car notified you immediately when the breach occurred. The data were not encrypted but the laptop is password protected
1. What privacy and security violations have occurred?
2. What should the facility do now?
3. Who should be notified of the breach?
4. What method(s) of notification should be used?