[00:00.0 - 00:05.0] The files appear to have come from Women's Health Consultants, an obstetrics and gynecology [00:05.0 - 00:11.3] practice that had centers in South Whitehall Township and Hanover Township, PA. [00:11.3 - 00:13.9] Women's Health Consultants is no longer in business. [00:13.9 - 00:18.6] How the records came to be dumped at the recycling center is unknown, as the container where [00:18.6 - 00:22.8] the records were disposed of was not covered by surveillance cameras.
[00:22.8 - 00:28.0] The center does have a locked recycling container where sensitive documents containing confidential [00:28.0 - 00:33.6] information can be disposed of securely, but that container was not used. [00:33.6 - 00:39.2] The records were dumped in a container where they could be accessed by unauthorized individuals. [00:39.2 - 00:43.6] The person who discovered the files left an anonymous tip on the non-emergency line of [00:43.6 - 00:45.9] the Allentown Communication Center.
[00:45.9 - 00:51.0] According to the morning call, a city employee visited the recycling center and pushed the [00:51.0 - 00:55.2] records further into the container so they were no longer visible. [00:55.2 - 00:59.7] The container has since been loaded onto a truck and is no longer accessible by the [00:59.7 - 01:00.8] public. [01:00.8 - 01:04.4] The container will be sent on to a recycling company.
[01:04.4 - 01:08.9] The privacy breach has been reported to the Pennsylvania Attorney General's Office, although [01:08.9 - 01:13.6] it is unclear whether an investigation into the incident has been launched. [01:13.6 - 01:18.4] HIPAA requires all physical records containing patients' protected health information to [01:18.4 - 01:24.6] be disposed of securely, rendering all information unreadable and indecipherable, so that it [01:24.6 - 01:26.7] cannot be reconstructed. [01:26.7 - 01:32.4] For paper records, this typically involves shredding, pulping, or burning the files.
[01:32.4 - 01:37.1] If that process is to occur off-site, the records should be secured in transit to ensure [01:37.1 - 01:40.8] they cannot be accessed by unauthorized individuals. [01:40.8 - 01:45.6] The failure to dispose of records securely can attract a significant financial penalty, [01:45.6 - 01:52.8] ranging from $100,000 to $50,000 per instance, up to a maximum of $1,500,000. [01:52.8 - 01:56.9] The Department of Health and Human Services Office for Civil Rights has already punished [01:56.9 - 02:01.5] health care organizations for improperly disposing of medical records.
[02:01.5 - 02:09.4] In 2015, Cornell Prescription Pharmacy settled an improper disposal case with OCR for $125,000. [02:09.4 - 02:11.1]
