Janitor Sells Patient Records for $40
"One theme the incident does touch on is that of prevention," says Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA College in Casa Grande, AZ. "This incident is a bit of a head scratcher because this incident involved the movement of 14 boxes from the facility. So either this person was in a situation where his actions were not noticed by others (for example he may have been the only person in the area) or if others noticed him, they didn't think to perhaps intervene or perhaps didn't perceive anything wrong with what he did."
Ruelas says the incident raises questions regarding boxes of personal health information (PHI):
- Are boxes containing documents clearly labeled to identify that their contents are confidential?
- If boxes and their contents are identified, are they being destroyed in a manner consistent with a hospital's policy on the destruction of confidential documents?
A "good rule of thumb," Ruelas says, is to dispose of confidential documents in accordance with policy during business hours when possible.
"This enables those who are knowledgeable about the documents and how they are to be disposed of to be involved," Ruelas said. "To leave documents staged such that they can be removed by unauthorized personnel or in a manner inconsistent with the organization's policy can result in an incident such as this one."
Also, restrict janitorial services in areas containing confidential documents during business hours; only allow them to work when someone can supervise access to and from such locations.
"In some hospitals, if janitorial services are needed in restricted-access areas after hours, security or other staff [should] remain in the area until the janitorial services are completed," Ruelas said.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- 3 Traits Personality Assessments Can't Reveal
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- CHS Hacked, 4.5M Patient Records Compromised
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- Large Employers Trimming Healthcare Spending
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- 3 Things the Ice Bucket Challenge Can Teach Hospital Marketers