Medical records sent to Ohio recycling center
HIM-HIPAA Insider, December 28, 2015
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
A still undetermined number of patients were affected when lab records from Community Mercy Health Partners (CMHP), Springfield, Ohio, were disposed of at a local recycling center. The records were discovered at the recycling center November 26, according to the Dayton Daily News. CMHP has 60 days to determine the number of patients affected and has confirmed that it plans to notify all affected patients, WDTN reported.
The records reportedly include:
- Names
- Dates
- Social Security numbers
- Lab results and requests
Photographs of the records circulated in the media show dates of service ranging from 2005 to 2013.
LeRoy Clouser discovered the discarded records when dropping off items at Clark County Solid Waste District’s North Recycling Station and notified local police of his findings. Although local police contacted CMHP the next day and the hospital secured the majority of the documents, a local news station, WDTN, also obtained some of the documents. WDTN reported that it returned these documents to the hospital.
The records were not intentionally sent to the recycling center, CMHP told the Dayton Daily News. Its policy is to shred paper documents it no longer needs to maintain. CMHP is investigating to determine how the documents ended up at the recycling center and will review its disposal and storage procedures. No incidents of identity theft have been reported yet as a result of the breach, a CMHP representative told the Dayton Daily News.
This is not CMHP’s first breach of the year. Roughly 2,000 patients were affected by a breach in February when invoices meant for other entities were accidentally mailed to six individuals, the Springfield News-Sun reported. The data on the invoices included:
- Names
- Addresses
- Billing codes
- Service dates and locations
- Account balances
The February breach was reported to HHS April 27.
Large-scale cybersecurity attacks often receive the most attention, but a recent NPR report looked at the damage smaller-scale privacy breaches can cause to individuals when personal health data is exposed in their community.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Residency coordinators’ responsibilities
- RPA Subscriber Exclusive: February issue of Residency Program Alert now available
- Study: Shorter shifts reduces residents’ attentional failures
- Practice the six rights of medication administration
- Editor’s note
- The consequences of an incomplete medical record
- Nursing responsibilities for managing pain
- Note similarities and differences between HCPCS, CPT® codes
- Q&A: Primary, principal, and secondary diagnoses
- E-mailed
-
- White Paper: Postacute CDI: An Introduction to Long-Term Acute Care Hospitals
- Use modifiers -59, -91 to "explain" duplicate codes
- Tim Porter-O'Grady sounds off
- Q: Can you clarify the reporting of dates on the plan of care for diagnosis onset and exacerbation?
- ICD-10-CM coma, stroke codes require more specific documentation
- Fracture coding in ICD-10-CM requires greater specificity
- Eight tips to improve MRI throughput
- Searched