Liz Kowalczyk reports that four Massachusetts community hospitals – Milford, Holyoke, Carney, and Milton – are investigating how tens of thousands of patient health records, some containing Social Security numbers and sensitive medical diagnoses, ended up in a pile described as 20 feet long by 20 feet wide at Georgetown Transfer Station. Read more of her coverage in the Boston Globe.
See PHIprivacy.net for statements from three of the hospitals involved.
Would this be a good time to point out that even the newest data breach notification statute proposed in Congress does not require notification in the event of a breach involving paper records? Why can’t we get one federal law that covers all sectors and that includes paper records?