Geisinger Health System data breach affects 2900 patients (US)

CMIO reports that PA-based Geisinger Health System acknowledged a ‘protected health information’ (PHI) breach affecting 2,928 patients. According to Geisinger’s press release, around 3 November a limited amount of patient data was emailed by a now-former Geisinger system gastroenterologist from his work computer, unencrypted, to home. While it included patient names and procedures, it did not include addresses, telephone number, Social Security numbers or financial information. Patients were notified per their own and HITECH stipulated procedures. While Geisinger was on top of this in days, what is the broader concern?