Share this article on:
This month, North Dakota Department of Human Services and Texas Health and Human Services have both reported that patients’ protected health information has been disposed of improperly. Today, another HIPAA-covered entity – Saint Thomas Rutherford Hospital in Murfreesboro, TN – has reported a similar incident.
Documents containing the protected health information of almost 3,000 patients were discovered to have been abandoned by the side of a remote, rural road in DeKalb County in April. The documents were discovered by a member of the public.
Upon being notified of the discarded reports, St Thomas Rutherford Hospital immediately launched an investigation but it is currently unclear how the documents were discarded and who was responsible.
The documents were reports on a sample of 2,859 patient census reports and date between 2009 and 2010. Affected patients have now been notified of the privacy breach by mail and the incident has been reported to all appropriate authorities.
The documents contained no medical records or Social Security numbers, only each patient’s name, admitting diagnosis, date of birth, physician’s name and account number. Due to the limited nature of data in the documents, Saint Thomas Rutherford hospital does not believe patients face any additional financial risk as a result of the breach.
Cynthia Figaro, Corporate Responsibility Officer and Corporate Privacy Officer of Saint Thomas Health issued a statement about the incident in which she confirmed, “Protecting the privacy of our patient’s information is always a top priority for us at Saint Thomas Health and Ascension,” and sincerely apologized to patients for the privacy violation.
The investigation confirmed that no further disclosures of patient information have occurred and a third-party firm has been contracted to ensure all storage files are appropriately secured until they can be permanently destroyed in accordance with Health Insurance Portability and Accountability Act Rules.