Personal documents including medical records were found in a dumpster in Taylorsville, Utah. The incident may cause potential data breach. According to the reports, the records appear to have come from Positive Adjustments, an out-of-business drug and alcohol rehabilitation clinic.
Dr. Scott Cold, DDS, mentioned that his contractor found the documents in a dumpster being used for construction waste.
“These documents for these records were complete with patients names, addresses, phone numbers, dates of birth, Social Security numbers, court documents, treatment documents, all dumped in my dumpster illegally,” Cold said.
As per the other tenants in the building where Positive Adjustments was located, the clinic has been empty for about six months. Cold notified police after finding the documents, but law enforcement said that it would be difficult to pursue charges beyond illegal dumping.
It is essential that PHI security remain a top priority even when a facility changes location. While a specific disposal method is not outlined in the HIPAA Privacy and Security Rules, putting PHI – in any form – in easily accessible areas is not acceptable.
“Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps,” according to HHS. “In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed.”
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.