Kristen Ross of KBTX has a 3-part series on improper disposal of medical records in paper format. Part 1 describes hundreds of medical records floating around a dumpster that included names, addresses, social security numbers and medicaid numbers. Those documents were from the Daniel Jarvis Home Health Agency.
According to Ross, attorneys for the home health agency tried to recover the files:
…. we received word from the home health agency through an e-mail written from their attorney asking for the files we found back.
“It is our position that you are now holding property that belongs to Daniel Jarvis Home Health. Your failure or refusal to return the same will be considered a conversion and we will seek all damages that may be available,” the letter states.
Soon after KBTX received that letter, we received another also expressing interest in the files our investigation uncovered, this one a subpoena from the Attorney General’s Office.
“This material is relevant to the subject matter of an investigation of Daniel Jarvis Health Care for possible violations of the Deceptive Trade Practices Consumer Protection Act,” it reads.
The letter goes on to say the investigation involves possible misrepresentations made by Daniel Jarvis in regards to the privacy and security of customer records.
A day after we got the letter, a representative from the AG’s office came to pick the records up for further investigation, an investigation they say will also examine whether one of the AG’s newest weapons against identity theft was violated: the Identity Theft Enforcement and Protection Act. Officials say that can be applied to businesses that mishandle consumers’ personal information.
This blogger has long been a fan of Attorney General Greg Abbott for his determined efforts to pursue those who do not provide adequate data protection. Unfortunately, some states do not have laws that apply to disposal of paper records, and as most readers will know by now, HIPAA was a tremendous disappointment in terms of security and enforcement. Even the new federal provisions that amend HIPAA do not apply to protection of patient records in paper form, leaving states looking to other tools or statutes to enforce or prosecute cases.
It will be interesting to see what Texas does with this case. I don’t know whether profuse apologies on the part of the home health agency would help, but thinly veiled threats aimed at the news station doesn’t strike me as a useful response.