Improper Disposal of PHI Discovered by Minneapolis Heart Institute

A member of a cleaning crew at the Minneapolis Heart Institute at Abbott Northwestern Hospital accidentally disposed of documents containing PHI with regular trash.

Minneapolis Heart Institute has policies and procedures in place that require all documents containing sensitive patient health information to be securely destroyed in accordance with HIPAA Rules. However, a member of the cleaning team was discovered to have emptied a trash container from a physician’s private office before documents could be securely shredded.

The incident was discovered on January 20, 2017, although not in time for the documents to be recovered and securely destroyed. The documents had been emptied into a bin bag that was placed in a regular recycling dumpster at the hospital.

It is unclear at this stage how many individuals have been impacted, although as a precaution, the Minneapolis Heart Institute is notifying all patients who were part of the physician’s service group between April 17, 2016 and January 17, 2017. Those individuals have been offered credit monitoring and identity theft protection services without charge for a period of 12 months, even though the risk of any PHI being accessed by unauthorized individuals is believed to be very low.

The documents contained PHI including names, addresses, birth dates, medical record numbers, clinical data, and health insurance information. Some health insurers use Social Security numbers as health plan identifiers; therefore, some Social Security numbers may also have been on the documents.

The incident shows that policies and procedures alone will not always prevent breaches of this nature. However, the action taken following the incident by Allina Health, which operates Abbott Northwestern Hospital, should prevent further such incidents.

Allina Health has removed all desk-side recycling bins and replaced them with locked shredding bins. Now, all documents will be sent for shredding, irrespective of whether they contain sensitive data. An employee education program has also been conducted to advise employees of the need to shred all paperwork, and Allina Health’s safeguards policy has been reinforced, highlighting the importance of the correct disposal of documents.

Author: HIPAA Journal
