Bryant Longey, discovered a HIPAA violation while looking in a dumpster. The Behavioral Health Network in Springfield, Mass. had thrown away full sheet medical records. HIPAA requires all medical information to be properly destroyed. This includes both electronic and physical records.
Candace Darcy, Vice President at Behavioral Health Network, said the practice using a mobile shredding service. She said it was a mistake that the medical records were not properly destroyed per the company’s policy.
This is an example of a company doing almost everything correctly. The gap is that the policy left room for employees to make decisions on what information is private and what is not. Management should remove any question on what should be shredded. If it is paper then it should go into the shredding bin, no exceptions. This eliminates sensitive information getting grouped in with general office paper.
Looking at the pictures in the dumpster is looks like they were cleaning up an old office or storage area. This is the time to bring in extra shredding bins. As you clean out file cabinets then the papers that don’t need to be saved can be put in the bin. When the project is over the shred truck can come out and finish up the cleaning.