• E-mail
• Print
• RSS

Medical records sent to Ohio recycling center

HIM-HIPAA Insider, December 28, 2015

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

A still undetermined number of patients were affected when lab records from Community Mercy Health Partners (CMHP), Springfield, Ohio, were disposed of at a local recycling center. The records were discovered at the recycling center November 26, according to the Dayton Daily News. CMHP has 60 days to determine the number of patients affected and has confirmed that it plans to notify all affected patients, WDTN reported.

The records reportedly include:

• Names
• Dates
• Social Security numbers
• Lab results and requests

Photographs of the records circulated in the media show dates of service ranging from 2005 to 2013.

LeRoy Clouser discovered the discarded records when dropping off items at Clark County Solid Waste District’s North Recycling Station and notified local police of his findings. Although local police contacted CMHP the next day and the hospital secured the majority of the documents, a local news station, WDTN, also obtained some of the documents. WDTN reported that it returned these documents to the hospital.

The records were not intentionally sent to the recycling center, CMHP told the Dayton Daily News. Its policy is to shred paper documents it no longer needs to maintain. CMHP is investigating to determine how the documents ended up at the recycling center and will review its disposal and storage procedures. No incidents of identity theft have been reported yet as a result of the breach, a CMHP representative told the Dayton Daily News.

This is not CMHP’s first breach of the year. Roughly 2,000 patients were affected by a breach in February when invoices meant for other entities were accidentally mailed to six individuals, the Springfield News-Sun reported. The data on the invoices included:

• Names
• Addresses
• Billing codes
• Service dates and locations
• Account balances

The February breach was reported to HHS April 27.

Large-scale cybersecurity attacks often receive the most attention, but a recent NPR report looked at the damage smaller-scale privacy breaches can cause to individuals when personal health data is exposed in their community.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

• E-mail to a Colleague
• Print
• RSS
• Archive