DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NC: Prompt Med Fined for Improper Disposal of Records

Posted on May 22, 2010 by Dissent

Following up on a breach previously covered here and here, the North Carolina Attorney General’s Office released this statement yesterday:

A Greensboro urgent care center has paid $50,000 because its patients’ financial and medical information were illegally disposed of in a dumpster, Attorney General Roy Cooper announced Friday.

“When you share your personal information with a business, you expect it to be secure,” Cooper said, “Businesses have a duty to make sure your information isn’t just thrown in the trash where identity thieves or other criminals could find it.”

Under a state law that Cooper pushed through the General Assembly in 2005, businesses that dispose of personal identifying information are required to destroy or shred those records, so that identity thieves can’t retrieve information from discarded files that have been carelessly thrown away.

However, four boxes of patient records from the Prompt Med at 3402 Battleground Avenue in Greensboro were found in a dumpster at East Cone Boulevard and Summit Avenue in August 2009. Approximately 600 files were recovered containing personal information on 757 individuals. The records contained names, addresses, dates of birth, Social Security numbers, drivers’ license numbers, and insurance account numbers, as well as personal health information.

Cooper launched an investigation into the illegal dumping of the records, which resulted in the settlement announced today.

Under the settlement, Prompt Med is permanently barred from improperly disposing of patient records and has paid $50,000, including $26,650 in civil penalties that will go to public schools. The remaining $23,350 will go to fund consumer protection education and enforcement efforts, and to cover the costs of the Attorney General’s investigation into the company. In addition, Prompt Med also paid an additional $50 for proper destruction of the illegally dumped records.

At the request of the Attorney General’s office, Prompt Med previously reported the incident as a security breach and notified consumers whose information was placed at risk. A security breach happens when records containing personal information are lost, stolen or inappropriately displayed.

North Carolina law requires businesses as well as state and local government agencies to notify consumers if a security breach may have compromised their personal information. They must also report breaches to the Consumer Protection Division. A total of 471 breaches involving information about more than 2.2 million North Carolina consumers have been reported since state laws on security breaches took effect in 2005 and 2006.

Cooper’s office found out about the dumping of Prompt Med records thanks to reports from a local television station. Based on information from concerned citizens, local law enforcement, and reporters, the Attorney General’s Consumer Protection Division is currently investigating several other cases of reported document dumping by a non-profit in Charlotte, a mortgage lender in Morehead City, a doctor’s office in Roanoke Rapids, and a business in Caldwell County.

Anyone with information about a business that isn’t following the law to destroy old records and protect consumers from identity theft is encouraged to report it by calling 1-877-5-NO-SCAM toll-free within North Carolina. Consumers and businesses can also visit www.ncdoj.gov for simple ways to fight identity theft and an online complaint form.

“Businesses owe it to their customers to keep their personal information safe,” said Cooper. “If you spot a business that’s making it too easy for criminals to get their hands on your information, let my office know about it.”

Investing $50 in shredding could have saved the company $50,000. There’s probably a lesson in there somewhere.

Kudos to the NC Attorney General’s Office for investigating and pursuing these cases.

Cross-posted from PHIprivacy.net

Related posts:

  • NC: Prompt Med Fined for Improper Disposal of Records
  • Good Luck Explaining to HHS Why Your PHI is in GitHub’s Vault for the Next 1,000 Years
  • North Carolina psychologist settles state charges for dumping patients’ records, agrees to pay $40,000
  • North Carolina psychologist settles state charges for dumping patients' records, agrees to pay $40,000
Category: Breach IncidentsBreach TypesExposureHealth DataU.S.

Post navigation

← NC: Prompt Med Fined for Improper Disposal of Records
Aldaco’s issues credit card breach alert →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.