Medical records sent to Ohio recycling center
Physician Practice Insider, January 12, 2016
A still undetermined number of patients were affected when lab records from Community Mercy Health Partners (CMHP), Springfield, Ohio, were disposed of at a local recycling center. The records were discovered at the recycling center November 26, according to the Dayton Daily News. CMHP has 60 days to determine the number of patients affected and has confirmed that it plans to notify all affected patients, WDTN reported.
The records reportedly include:
- Names
- Dates
- Social Security numbers
- Lab results and requests
Photographs of the records circulated in the media show dates of service ranging from 2005 to 2013.
LeRoy Clouser discovered the discarded records when dropping off items at Clark County Solid Waste District’s North Recycling Station and notified local police of his findings. Although local police contacted CMHP the next day and the hospital secured the majority of the documents, a local news station, WDTN, also obtained some of the documents. WDTN reported that it returned these documents to the hospital.
The records were not intentionally sent to the recycling center, CMHP told the Dayton Daily News. Its policy is to shred paper documents it no longer needs to maintain. CMHP is investigating to determine how the documents ended up at the recycling center and will review its disposal and storage procedures. No incidents of identity theft have been reported yet as a result of the breach, a CMHP representative told the Dayton Daily News.
This is not CMHP’s first breach of the year. Roughly 2,000 patients were affected by a breach in February when invoices meant for other entities were accidentally mailed to six individuals, the Springfield News-Sun reported. The data on the invoices included:
- Names
- Addresses
- Billing codes
- Service dates and locations
- Account balances
The February breach was reported to HHS April 27.
Large-scale cybersecurity attacks often receive the most attention, but a recent NPR report looked at the damage smaller-scale privacy breaches can cause to individuals when personal health data is exposed in their community.
This article was originally published in HIM-HIPAA Insider.
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Five ways to safeguard your patients' valuables
- Note similarities and differences between HCPCS, CPT® codes
- The consequences of an incomplete medical record
- Q&A: Primary, principal, and secondary diagnoses
- OB services: Coding inside and outside of the package
- Skills of effective case managers
- Practice the six rights of medication administration
- E-mailed
-
- Air control equals infection control
- Plan of Care Supports Documentation of Homebound Status
- Q/A: Coding infusions to correct low potassium levels
- Neurological checks for head injuries
- Modifiers and medical necessity
- HIPAA Q&A: Cameras in patient rooms
- Follow these tips to properly report bladder catheter codes
- Examine cardboard boxes stored on floor to avoid infection control, life safety citations
- Differentiate between types of wound debridement
- Consider two options for coding Rho(D) immune globulin given in pregnancy
- Searched