The St. John’s Mercy Medical Group (SJMMG) in Missouri has notified patients that one of their physicians, Dr. David Brown, had improperly disposed of medical records.
In a statement on their web site, they say, in part:
On June 9, St. John’s Mercy Medical Group (SJMMG) became aware that Dr. David Brown had improperly disposed of medical records he no longer needed in a dumpster near his Florissant office on June 7 or 8. We believe most, if not all, of those records were safely retrieved and are back in Dr. Brown’s office.
On June 14, during the investigation into the Florissant matter, SJMMG learned that a similar incident occurred on June 7 or 8 at Dr. Brown’s Clayton office where records were not retrieved before being transported to a landfill making them inaccessible. SJMMG has since been investigating both incidents. Letters with an apology and information about what is being done to protect their information have been sent to all patients whose private information may have been involved.
The medical records contained information regarding the care received at Dr. Brown’s offices as well as personal demographic information such as name, address, date of birth, social security number and, in some instances, credit card information. All patients whose medical records were involved have been offered, at no cost to them, 12 months of credit monitoring, identity theft insurance and identity restoration coverage.
Although the notice indicates that disciplinary action has been taken, it is not clear who was disciplined or how.
The incident was reported to HHS on August 20.
Thankfully, HITECH requires notification of breaches involving paper records. Otherwise, would they even had had to notify residents of Missouri? Yoo hoo, Congress, can you hear me now?