Find Confidential Files at the Dump

Posted by Ron Arden on August 19th, 2010
Posted in: Blog, Data breach, Privacy

Most of the data breaches I read about in the news are from computer systems. Either someone lost a laptop with patient records or social security numbers, or someone hacked into a server with credit card numbers. With all the high-tech ways of doing things, we may lose sight of the low-tech methods of stealing information.

According to Wikipedia, dumpster diving is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but which may be useful to the dumpster diver. Do you remember the famous scene in the movie Animal House, where Bluto and D-Day go sifting through the trash to find the answers to a test everyone is taking? Think about people doing that to look for patient records, social security numbers and the like.

A recent article in the Boston Globe talks about patient information from four (4) Massachusetts hospitals winding up at a city dump. These were paper documents and nothing was shredded. By law, medical records and documents with personally identifiable information (PII) must be destroyed to protect personal privacy. Sending them to the city dump clearly violates the law. Someone wasn’t thinking.

This sounds like a chain of custody problem that attorneys and others in the legal and law enforcement professions face. Think about all the people and organizations that touch a patient’s confidential information. An insurance company has social security numbers and patient procedures, so they can pay claims. The doctors and nurses involved in care have information on diagnosis and treatments. If a pharmacy is involved, they know about prescriptions. Admissions and billing people know all about patient records so they can admit patients and bill insurance companies. Some of the people may be internal to a hospital or medical practice and many may be outside service providers. The number of people who can access your and my medical records is very large. And how they handle that information is important.

Much of this information is electronic, but the vast majority also exists on paper. From filling out admissions forms in a waiting room to receiving an EOB (explanation of benefits) form in the mail, your information is everywhere. At least at home, you and I can make sure we shred any papers with this information, but when it comes to our providers, we have to trust that they are taking the same precautions.

It is important to lock down your computer systems against hackers and insider threats, but we need to make sure that the old-fashioned ways of stealing confidential information are put out of business. Using a $50 shredder could save a lot of grief. As I always say to my kids, “Take a minute to think before you act”.

Read more: http://www.linkedin.com/news?viewArticle=&articleID=175122399&gid=52423&type=member&item=27623434&articleURL=http://edocumentsciences.com/find-confidential-files-at-the-dump&urlhash=jxgV&goback=.gde_52423_member_27623434

Compliments of FileMan Research