HSC records lost in June fire

Posted on Aug 26, 2010 in Records Management News

The exact cause of the fire is unde­ter­mined, but the inves­ti­ga­tion is focus­ing on the roof top air con­di­tioner where the fire may have begun and spread rapidly. Tem­per­a­tures are believed to have reached well over 2,000 degrees, accord­ing to the Albu­querque Fire Depart­ment.
Most of the con­tents were
destroyed in the build­ing, as the fire con­tin­ued through­out the day, fill­ing the streets with heavy smoke.
“In order to deter­mine the scope of the dam­age, UNM HSC acti­vated its emer­gency oper­a­tions com­mand (EOC) to address imme­di­ate patient care and staff needs and to com­plete an inven­tory of the records lost in the fire,” Porto said.

The fire con­tin­ued to smol­der until July 3, until it reignited and burned for another 26 hours. As a result, fire­fight­ers soaked with water the remain­ing con­tents to pre­vent fur­ther damage.

The ware­house stored patient med­ical records from the UNM HSC cre­ated before 2005, when the hos­pi­tals switched to dig­i­tal record stor­age.
HSC also began scan­ning old records into a dig­i­tal for­mat five years ago, Porto said, but it is still unknown how much of the lost records were scanned.

Paul Roth, UNM exec­u­tive vice pres­i­dent for Health Sci­ences, said the inci­dent is unfor­tu­nate but could have been worse.
“We are deeply sad­dened by this unfor­tu­nate event,” he said in a press release. “Had we not ded­i­cated our­selves to switch­ing to a totally dig­i­tal record sys­tem five years ago, this could have been far worse.”

The ware­house, owned by a Texas land­lord, was leased by a pri­vate con­trac­tor under con­tract with the HSC and UNMH to store records.
The dam­aged and destroyed records at the ware­house site were secured imme­di­ately after the fire was ini­tially extin­guished and have been secure ever since, an HSC state­ment said. Dam­aged records will be dis­posed of accord­ing to the require­ments set forth in the Health Insur­ance Porta­bil­ity and Account­abil­ity Act of 1996.

HSC has devel­oped pro­ce­dures to inform peo­ple who request copies of past med­ical records that the records were destroyed in the fire and give them a doc­u­ment cer­ti­fy­ing that fact.

Read more: http://www.dailylobo.com/index.php/article/2010/08/hsc_records_lost_in_june_fire

Com­pli­ments of File­Man Research

Read More

Find Confidential Files at the Dump

Posted on Aug 21, 2010 in Records Management News

Posted by Ron Arden on August 19th, 2010
Posted in: Blog, Data breach, Privacy

Most of the data breaches I read about in the news are from com­puter sys­tems. Either some­one lost a lap­top with patient records or social secu­rity num­bers, or some­one hacked into a server with credit card num­bers. With all the high tech ways of doing things, we may lose sight of the low tech meth­ods of steal­ing information.

Accord­ing to Wikipedia, dump­ster div­ing is the prac­tice of sift­ing through com­mer­cial or res­i­den­tial trash to find items that have been dis­carded by their own­ers, but which may be use­ful to the dump­ster diver. Do you remem­ber the famous scene in the movie Ani­mal House, where Bluto and D-Day go sift­ing through the trash to find the answers to a test every­one is tak­ing? Think about peo­ple doing that look­ing for patient records, social secu­rity num­bers and the like.

A recent arti­cle in the Boston Globe talks about patient infor­ma­tion from four (4) Mass­a­chu­setts hos­pi­tals wind­ing up at a city dump. These were paper doc­u­ments and noth­ing was shred­ded. By law, med­ical records and doc­u­ments with per­son­ally iden­ti­fi­able infor­ma­tion (PII) must be destroyed to pro­tect per­sonal pri­vacy. Send­ing them to the city dump clearly vio­lates the law. Some­one wasn’t thinking.

This sounds like a chain of cus­tody prob­lem that attor­neys and oth­ers in the legal and law enforce­ment pro­fes­sions face. Think about all the peo­ple and orga­ni­za­tions that touch a patient’s con­fi­den­tial infor­ma­tion. An insur­ance com­pany has social secu­rity num­bers and patient pro­ce­dures, so they can pay claims. The doc­tors and nurses involved in care have infor­ma­tion on diag­no­sis and treat­ments. If a phar­macy is involved, they know about pre­scrip­tions. Admis­sions and billing peo­ple know all about patient records so they can admit patients and bill insur­ance com­pa­nies. Some of the peo­ple may be inter­nal to a hos­pi­tal or med­ical prac­tice and many may be out­side ser­vice providers. The num­ber of peo­ple who can access your and my med­ical records is very large. And how they han­dle that infor­ma­tion is important.

Much of this infor­ma­tion is elec­tronic, but the vast major­ity also exists on paper. Between fill­ing out admis­sions forms in a wait­ing room to receiv­ing an EOB (expla­na­tion of ben­e­fits) form in the mail, your infor­ma­tion is every­where. At least at home, you and I can make sure we shred any papers with this infor­ma­tion, but when it comes to our providers, we have to trust that they are tak­ing the same precautions.

It is impor­tant to lock down your com­puter sys­tems against hack­ers and insider threats, but we need to make sure that the old fash­ioned ways of steal­ing con­fi­den­tial infor­ma­tion are put out of busi­ness. Using a $50 shred­der could save a lot of grief. As I always say to my kids, “Take a minute to think before you act”.

Read more: http://www.linkedin.com/news?viewArticle=&articleID=175122399&gid=52423&type=member&item=27623434&articleURL=http://edocumentsciences.com/find-confidential-files-at-the-dump&urlhash=jxgV&goback=.gde_52423_member_27623434

Com­pli­ments of File­Man Research

Read More