Quality e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

Janitor Sells Patient Records for $40

Dom Nicastro, for HealthLeaders Media, September 21, 2010

"One theme the incident does touch on is that of prevention," says Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA College in Casa Grande, AZ. "This incident is a bit of a head scratcher because this incident involved the movement of 14 boxes from the facility. So either this person was in a situation where his actions were not noticed by others (for example he may have been the only person in the area) or if others noticed him, they didn't think to perhaps intervene or perhaps didn't perceive anything wrong with what he did."


Ruelas says the incident raises questions regarding boxes of personal health information (PHI):

 

  • Are boxes containing documents clearly labeled to identify that their contents are confidential?
  • If boxes and their contents are identified, are they being destroyed in a manner consistent with a hospital's policy on the destruction of confidential documents?

A "good rule of thumb," Ruelas says, is to dispose of confidential documents in accordance with policy during business hours when possible. 

"This enables those who are knowledgeable about the documents and how they are to be disposed of to be involved," Ruelas said. "To leave documents staged such that they can be removed by unauthorized personnel or in a manner inconsistent with the organization's policy can result in an incident such as this one."

Also, restrict janitorial services in areas containing confidential documents during business hours; only allow them to work when someone can supervise access to and from such locations. 

"In some hospitals, if janitorial services are needed in restricted-access areas after hours, security or other staff [should] remain in the area until the janitorial services are completed," Ruelas said.


Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Comments are moderated. Please be patient.