Thieves Steal Computer Containing Confidential List of 60 AIDS Victims

A confidential list containing the names of about 60 AIDS patients was stored in a computer stolen from the California AIDS office, officials said Wednesday.

Dr. Alex Kelter, acting deputy director of Public Health, said it would be “virtually impossible” for the thieves to enter the computer’s memory and retrieve the names without knowing a computer password. All data collected by the state on these AIDS patients--as well as thousands of others who have the disease--remains confidential, he insisted.

“I am totally confident that this has not compromised anyone,” Kelter said.

However, several AIDS experts outside state government expressed concern that the theft could undermine efforts to combat the disease. The promise of confidentiality for acquired immune deficiency syndrome patients is a central element in persuading potential AIDS carriers to have themselves tested for exposure to the virus, they said.

“If extremely sensitive information is going to be gathered about people, it has to be protected with the utmost care,” said Bruce Decker, chairman of the California AIDS Advisory Committee. “When information that could deprive an individual of their job, home, family relations or friendships is not necessarily or adequately protected, then all citizens should be concerned.”

The list of about 60 names was stored in the memory of one of three IBM computers stolen from the Sacramento AIDS office Sunday night or early Monday morning, Kelter said.

State police, who are investigating the theft, said they suspect that the burglars stole the computers in order to resell them and were not interested in information about AIDS patients. Three other computer thefts from government offices have been reported in the area in recent months, a police spokeswoman said.

Under state law, county health officials must report AIDS cases to the state. Los Angeles and San Francisco counties, which account for more than 80% of all AIDS cases in California, provide the state with coded numbers, rather than the names of patients, when reporting AIDS cases. However, other counties give the state the names of AIDS patients, along with such data as whether they are homosexuals or intravenous drug users.

All three computers taken in the burglary were used to track the progress of the disease, but only one was used to store confidential information, Kelter said.

Under the AIDS office rules, the data should have been erased from the computer’s memory long ago. However, when state experts reviewed a backup computer tape to see what information was taken in the burglary, Kelter said they found that a list of names and the characteristics of about 60 AIDS patients, dating back more than a year, had never been erased.

“It was intended to be totally purged,” he acknowledged, “and a fragment remains on the disk.”

Unlabled Data

Kelter said it is highly likely that immediately after the theft the burglars erased the entire memory of the computer to eliminate any identifying characteristics of the machine. But even if they had not, he said, the data identifying the AIDS patients was unlabeled, difficult to interpret and virtually inaccessible except to those who know the computer password.

Documents and files in the AIDS office were not taken in the burglary, Kelter said. Another computer containing detailed data on AIDS patients, which was stored in a more secure part of the office, was not stolen.

Dr. Don Francis, an AIDS specialist with the federal Centers for Disease Control, said the burglary highlights the need not only to maintain strict confidentiality but also to prevent discrimination against AIDS patients in the event that confidential information leaks out.

“Confidentiality is not absolute,” Francis said. “If we’re going to bring all these people in and encourage the infected people to come forth, then we have to protect them against inappropriate discrimination.”

Last year, Gov. George Deukmejian vetoed legislation that would have protected AIDS patients from discrimination in housing and employment. The governor said the measure was not needed because AIDS patients are protected under existing laws.

Privacy Standards

Decker, the AIDS committee chairman, said the theft should serve as a reminder to lawmakers of the need for confidentiality. The Legislature is considering a bill that would weaken the strict privacy standards adopted two years ago.

“I would hope that this perhaps innocent burglary would cause those in favor of weakening that confidentiality some pause,” he said.