HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

PHI of 842 Western Washington Medical Group Patients Exposed

The protected health information of 842 patients of Western Washington Medical Group was exposed in November 2017. Documents containing sensitive health information were accidentally disposed of with regular trash.

On November 13, 2017, the janitorial service used by the medical group emptied shredding bins with regular trash. Instead of sensitive documents being permanently destroyed in accordance with HIPAA Rules, they were emptied into regular trash bins. Western Washington Medical Group discovered the error the following day, but too late to recover the documents as the trash had already been collected and taken to landfill sites for disposal.

The breach was limited, but individuals impacted have had a range of sensitive information exposed including names, addresses, medical history forms, diagnoses, medical histories, appointment dates, and health insurance billing information.

Patients impacted by the breach had previously visited WWMG Orthopedic, Sports and Spine centers for medical services. Notification letters were sent to all affected individuals by first class mail on January 12, 2018.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The paperwork could potentially have been accessed by unauthorized individuals although the risk to patients is believed to be low. No reports have been received that suggest any PHI has been misused. However, despite the low level of risk and out of an abundance of caution, affected patients have been offered complimentary identity theft protection services for 12 months through ID Experts.

Janitorial employees have received further training to prevent similar privacy breaches from occurring in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.