HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

South Fulton Mental Heath Center Discovers Dumped Medical Records

Late last week, South Fulton Mental Health Center in Georgia discovered highly sensitive patient health records had been improperly disposed of in a dumpster that was accessible by the public.

A statement released by the clinic shortly after the records were discovered confirmed that an investigation had been launched into the HIPAA breach. “A preliminary review suggests that a staff member did not secure the files properly” during the move from the South Fulton Mental Health Center.

The files have now been retrieved and secured, although they were accessed by at least one individual. CBS46 was tipped off about the dumped records and a reporter was able to retrieve some documents from the dumpster before they were secured. The documents viewed by the CBS46 reporter contained patients’ names, Social Security numbers and other sensitive information.

An internal investigation into the incident is ongoing. While it is possible that an employee made an error and either left the records unsecured or accidentally dumped the records, this is now being viewed as a deliberate act.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Fulton County Commission Chairman John Eaves told CBS46 that “There’s at least one disgruntled employee who’s responsible for this.” Fulton County officials have confirmed they have identified the employee they believe is responsible. That individual has not been named although he/she had worked at the clinic for a number of years.

The employee is believed to have dumped the records in an act of retaliation to the decision by the clinic to start outsourcing its mental health services.

Fulton County is now checking all of the dumped records to find out which patients have been affected. Breach notification letters will be sent to all affected patients once that process is complete. At this stage, it is unclear how many of the clinic’s current and former patients have been impacted, although initial reports suggest that hundreds of patients have been impacted.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.