Dumpster Diving – A Medical Office’s Nightmare
HIPAA (the federal Health Insurance Portability and Accountability Act) passed in 1996, and set in place very specific national standards for the secure storage and disposal of personal, protected health information by medical facilities, insurance companies, and more.
It has been nineteen years since HIPAA went into effect, and somehow medical histories and personal data that should be irreparably destroyed are still being discovered – intact – in unlocked, public-accessible Dumpsters around the country.
In the case of a Chicago-area medical practice earlier this year, medical records dating back to 2004 were discovered behind the offices of the business they hired to store – and later destroy – patient medical files.
The case was brought to the attention of compliance attorneys by a reporter, who discovered an individual hauling thousands of pounds of paper from the Dumpster for recycling.
“Reporters love to Dumpster-dive,” said Michael Kline, an attorney whose practice focuses on corporate and securities law.
To ensure compliance with HIPAA, Kline recommends that medical facilities – and the companies that manage their document storage and destruction – handle medical records “like toxic waste.”
In the Chicago case, the Dumpster in question contained driver’s licenses, Social Security numbers, and other personal information, including patient charts and personal medical histories.
Kline and his partners recommend medical facilities find out for certain that the document destruction company they hire knows what HIPAA law is, and is compliant with all HIPAA and state laws.
In a statement, medical office representatives said, “[we], like many healthcare providers, [rely] on reputable third-party vendors to retain and, when appropriate, securely destroy patient records… We are investigating what may have occurred in this instance and are taking further steps to prevent a recurrence.”
EcoShredding Mobile Document Destruction is not only familiar with HIPAA laws, we exceed requirements to ensure the information contained on any document or hard drive we shred will not be identifiable by anyone. We shred on-site, so you can actually watch as your documents are destroyed.
Call EcoShredding today, for safe, secure document shredding that will keep your business or practice compliant with all HIPAA and consumer privacy laws.