Maureen Kocot reports:
A good Samaritan says he was surprised when he discovered thousands of documents marked confidential in a dumpster.
10TV examined the documents and found medical records containing patients’ social security numbers, dates of birth, as well as detailed information about medical conditions and prescriptions.
[…]
The Ohio Medical Board says it has the authority to take action when patients’ records are discarded in a dumpster, because it’s considered a violation of the minimal standards of care. However, 10TV has learned the doctor who ran the practice died in January.
Read more on 10TV.
So if you’re a HIPAA-covered entity, you’re supposed to have a plan. Did the doctor have a plan? Who was supposed to take charge of the patient records? Who was supposed to clean out the office? Was there an associate or partner in the practice? Did the doctor leave a will that specified who was to take control of patient records?
No, I do not expect that the state or OCR will really spend much, if any, time investigating this, but this is not the first time we’ve seen a landlord just throw out records that should have been secured after the death of a professional.
So if you, like me are a HIPAA-covered entity, have you made plans for your records in the event of your death or serious disability? Do others know your plan so that they can implement it?