Document Disposal Company Responsible for old Patient Records found in Park

by | Jul 22, 2013 | Data Breach Laws, HIPAA

Document Disposal Company Responsible for old Patient Records found in Park

Over 277,000 patients were notified by Texas Health Harris Methodist Hospital in Fort Worth (“Texas Health Fort Worth”) earlier this month of a breach of their health information.  Only patients seen between 1980 and 1990 whose records were maintained on microfiche are affected or potentially affected by the breach. 

Texas Health Fort Worth’s business associate, document destruction company Shred-It, was contracted to dispose of the old microfiche records. As reported by the Star-Telegram, because the microfiche could not be destroyed on-site, Shred-It was to transfer them to another facility for destruction.  

Somehow “lost” or misdirected during transit, the records found themselves in a park where a concerned citizen found them and contacted the Dallas police.  Records were reportedly found in at least two other public locations, and contained names, addresses, Social Security numbers, birth dates and health information. As Texas Health Fort Worth stated in a press release,   

We have no knowledge that any of the information included on the microfiche has been accessed or used inappropropriately.  Furthermore, microfiche is no longer commonly used and specialized equipment is needed to read the information it contains. 

While certainly it is unlikely that the average Joe has access to microfiche equipment, it is inexcusable that the records wound up in a park, of all places, to begin with. Although Shred-it “assured” Texas Health Fort Worth that it took appropriate action as a result of the incident, Texas Health Fort Worth has switched vendors.  I would expect other hospitals in the area to follow suit. It remains to be seen whether OCR will investigate Shred-it for this incident. 

Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives