HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Documents Containing PII Discovered in Used Office Furniture

Prior to disposing or selling office furniture, HIPAA-covered entities should ensure that all drawers and compartments are inspected for any stray documents containing sensitive information. The failure to conduct a thorough check could easily result in a HIPAA breach or privacy violation. Such an incident has recently occurred in Branchburg in Somerset County, NJ.

As reported by News 12 New Jersey, a printing company in Branchburg purchased used office furniture and discovered one of the cabinets contained hundreds of documents containing highly sensitive information.

The owners of printing firm Sublimation 101, found a stack of Employment Eligibility Verification (I-9) forms containing sensitive information such as names, contact telephone numbers, home addresses together with photocopies of Social Security cards, passports, and driver’s licenses – A treasure trove of information that could be used for identity theft and fraud.

The documents appear to have come from a health group in New Jersey – Presumably the former owner of the furniture. Michael Kaminsky, owner of the printing firm, told News 12 New Jersey, “We know about identity theft. We have great companies that protect us but we as Americans have to protect each other.”

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The printing firm reported the incident to the Department of Homeland Security, which will be visiting the firm and conducting an investigation.

This would obviously not count as a HIPAA breach as HIPAA is concerned with the protected health information of patients rather than the sensitive information of employees. However, it could easily have also resulted in a HIPAA breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.