California healthcare facility suffered data breach when improper disposal of information affected PHI. Graybill Medical Group notified patients of a potential data breach after X-ray films were accidentally taken out with the regular trash. It was meant to be sent to a waste disposal company.
According to the reports, the films set for disposal were placed in a trash liner bag but the employee who was supposed to take them to the disposal company was ill.
“Later that evening or early the next morning, our janitorial service gathered the films, believing they were to be disposed of as ordinary trash,” Arena said in the release. “That bag was then taken to a dumpster and collected by the waste disposal company. When this was discovered the following day, we attempted to locate the films in the dumpster but it had already been emptied.”
Graybill tried to possess the information by reaching to trash company but was informed that they had already been taken to a landfill and were irretrievable.
“Of the total group of X-ray films that were taken during that period, only a small percentage were to be destroyed,” Arena explained. “Unfortunately, because we do not know which films were in the group set for destruction, we are taking the extra precaution of notifying all patients who had X-rays taken during that time.”
According to the reports, films did not contain Social Security numbers or any other medical information. However, they did contain patient names, addresses, phone numbers, dates of birth and medical provider identification.
“It is our sincere belief that the trash bag of X-ray films is now buried in an unknown location in the landfill, and we have no reason to believe that any of demographic information they contain will be accessed or used in an adverse way in the future,” Arena said. “Protecting the privacy of our patients is of the highest priority in our organization and we deeply regret this incident occurred.”
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.