Share this article on:
The protected health information of 842 patients of Western Washington Medical Group was exposed in November 2017. Documents containing sensitive health information were accidentally disposed of with regular trash.
On November 13, 2017, the janitorial service used by the medical group emptied shredding bins with regular trash. Instead of sensitive documents being permanently destroyed in accordance with HIPAA Rules, they were emptied into regular trash bins. Western Washington Medical Group discovered the error the following day, but too late to recover the documents as the trash had already been collected and taken to landfill sites for disposal.
The breach was limited, but individuals impacted have had a range of sensitive information exposed including names, addresses, medical history forms, diagnoses, medical histories, appointment dates, and health insurance billing information.
Patients impacted by the breach had previously visited WWMG Orthopedic, Sports and Spine centers for medical services. Notification letters were sent to all affected individuals by first class mail on January 12, 2018.
The paperwork could potentially have been accessed by unauthorized individuals although the risk to patients is believed to be low. No reports have been received that suggest any PHI has been misused. However, despite the low level of risk and out of an abundance of caution, affected patients have been offered complimentary identity theft protection services for 12 months through ID Experts.
Janitorial employees have received further training to prevent similar privacy breaches from occurring in the future.