25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

2,859 Patients Impacted by Improper Disposal at St. Thomas Rutherford Hospital

Posted By on Jun 22, 2017

This month, North Dakota Department of Human Services and Texas Health and Human Services have both reported that patients’ protected health information has been disposed of improperly. Today, another HIPAA-covered entity – Saint Thomas Rutherford Hospital in Murfreesboro, TN – has reported a similar incident.

Documents containing the protected health information of almost 3,000 patients were discovered to have been abandoned by the side of a remote, rural road in DeKalb County in April. The documents were discovered by a member of the public.

Upon being notified of the discarded reports, St Thomas Rutherford Hospital immediately launched an investigation but it is currently unclear how the documents were discarded and who was responsible.

The documents were reports on a sample of 2,859 patient census reports and date between 2009 and 2010.  Affected patients have now been notified of the privacy breach by mail and the incident has been reported to all appropriate authorities.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The documents contained no medical records or Social Security numbers, only each patient’s name, admitting diagnosis, date of birth, physician’s name and account number. Due to the limited nature of data in the documents, Saint Thomas Rutherford hospital does not believe patients face any additional financial risk as a result of the breach.

Cynthia Figaro, Corporate Responsibility Officer and Corporate Privacy Officer of Saint Thomas Health issued a statement about the incident in which she confirmed, “Protecting the privacy of our patient’s information is always a top priority for us at Saint Thomas Health and Ascension,” and sincerely apologized to patients for the privacy violation.

The investigation confirmed that no further disclosures of patient information have occurred and a third-party firm has been contracted to ensure all storage files are appropriately secured until they can be permanently destroyed in accordance with Health Insurance Portability and Accountability Act Rules.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist