Several health care facilities across the country were alleged to have violated patient privacy laws after medical files that included patients' personal information were found in dumpsters throughout the year. Facilities in at least three states could be found in violation of the Health Insurance Portability and Accountability Act due to the fact that they may have left the files in dumpsters, where they were discovered by passersby and investigative news teams throughout 2019.
For example, a Michigan man said that he stumbled upon boxes of medical records in Southfield while he was throwing out his own trash in a dumpster behind the Comerica Incorporated building, Fox 2 Detroit reported. The origin of those patient files has not yet been reported, and the man also reported finding boxes labeled "biohazard," containing blood-borne pathogens.
In Illinois, patient files were discovered in Chatham behind the defunct Medical Professional Home Healthcare Center that contained the names of several individuals, some of whom told CBS 2 Chicago that they "did not know" why the health care facility would have had their information in the first place because they had never been there.
Another prominent instance occurred in September in New York City's Upper East Side and involved two doctors who work in the same East 76th Street office whose patient files were discovered with trash outside the building. When asked by NBC 4 New York's I-Team about the incident, both doctors claimed that they followed standard procedure for the disposal of patient records.
"The investigation thus far seems to indicate that the records were improperly taken and removed from a locked premises without our clients' permission," the doctors' attorney stated, according to JDSupra.
Despite the allegations and findings, no further developments related to HIPPA violations for any of the three cases were reported as of October 2019.
Instances of improper medical records disposal come as the health care industry has made a push to digitize its records and storage, particularly as a way to cut costs and improve security.
Despite the shift, issues have already cropped up with regard to cyberattacks – particularly on health care facilities with weak information technology departments and cyber posture in relation to vulnerabilities allowing hackers access to sensitive information. According to Cyber Policy, employee negligence accounted for more than 80% of healthcare-related cyber incidents, while the industry represented the target of 88% of ransomware attacks in 2016.