East Idaho News reports:
A man in Ammon is upset after he found several boxes containing medical records and other personal information behind his workplace.
KIDK reports Wes Dustin found boxes of information from The Children’s Center in a dumpster. The documents were seven to eight years old.
An employee for Grand Teton Storage left the documents next to the dumpster after the company that managed the mental health clinic didn’t pay its storage bills.
State officials say the documents will be shredded.
Whoa. What did the storage company do? Had they signed any contract as a business associate that would require secure disposal of records?
Reading KIDK’s coverage of the breach, I see that they have more details. There were reportedly seven storage file boxes and a garbage bag found intact:
Dustin found seven boxes and a garbage bag packed with children’s medical records from a place called The Children’s Center.
“Names, addresses, Social Security numbers, date of birth,” Dustin listed.
He also found billing and payroll information in the boxes.
As for the storage company’s explanation, KIDK reports:
According to Grand Teton Storage, the company that managed The Children’s Center wasn’t paying its bill. In accordance with its policy, Grand Teton Storage had to auction the contents of the unit off.
When it came to those sensitive records, a Grand Teton Storage employee said, “We contacted state officials and acted in accordance to their rules.”
As Dustin found out, things didn’t go totally according to plan.
“Somebody needs to know the information is not being disposed of properly,” Dustin said.
The Grand Teton Storage employee said management knows who threw the records away, and disciplinary action will be taken against that person.
The Idaho Department of Health and Welfare has taken custody of the records. IDHW Spokesman Tom Shanahan said the federal government has begun to shred the documents. That process was expected to be complete by Thursday night or Friday morning.
The federal government is doing the shredding? Will they also open an official case on Grand Teton and possibly fine them? We may never find out without FOI if there’s no public announcement from HHS about this case in the next few years.