Records with personal and/or patient information continue to make news when they are left behind during moves. Just this week, we learned that Boyd Hospital left records behind during a move – records that may have legally become the property of an individual who bought the building from the county. While Boyd Hospital seemingly knew they had left records in the building but didn’t remove them in a timely fashion, an incident in the April Veterans Administration report to Congress provides an example of what happens when you don’t know you’ve left records behind.
The VA breach involved the VA Long Beach Healthcare System. The VA became aware of the breach when a veteran, disposing trash, noticed files in a dumpster on campus. The files, which included veterans’ names, dates of birth, home addresses, and Social Security numbers, were dated 2007 through 2011, and appear to have originated from the Patient Business Office.
The veteran who discovered the files posted about it on his personal Facebook page, and his post was shared widely and commented on. In addition, the VA investigators noted that there were three related posts about the incident on the VA Long Beach Healthcare System (VALBHS) Facebook page.
The VA found that the accounts receivable office was moved to another facility, and when employees moved out of their office, they probably left the documents behind. Then contractors who were hired to move the office furniture and found the documents did not dispose of them properly. All the documents were accounts receivable related.
There were a total of 358 documents, but there was no way to determine if there had been any additional documents that were not accounted for (i.e., that might have been removed from the trash).
As a result of the incident, 229 veterans were offered credit protection services and 77 letters were sent to the next of kin for those veterans who were deceased.
And all because no one walked through the old office to carefully check that all records had been removed? That’s a costly – and easily avoidable – mistake.