Tina Terry reports that a Channel 9 News investigation resulted in crews removing dozens of boxes of patient records from an abandoned Statesville hospital, the old Davis Hospital.
Now wait for it: the records were abandoned more than 30 years ago. But according to Davis Hospital, back then, “the hospital was operated by an unrelated organization.”
Read more on WSOC-TV, who obtained a statement from Davis Regional Medical Center, that said, in part:
The hospital moved to its current location on Mocksville Road more than thirty years ago when operated by a wholly unrelated organization. While the history and contents of the files remains unknown to the current administration of Davis Regional, we are equipped to secure, evaluate and appropriately handle them and are working diligently to contact the building’s owner in order to extend an offer to retrieve them.
Wondering what HHS might do about this one? Maybe you should stop wondering and stop and think for a moment about when HIPAA first came into force. There was no HIPAA back then. Now is this a reportable breach under HITECH? I think it is as it is just discovered. But who’s going to report it? If Davis Regional Medical Center truly wasn’t ever responsible for the records (a contractual issue), then will they even report this – or notify anybody, given the costs involved?
And how can anyone be sure whether patient records were stolen or accessed? A little Googling online reveals that probably numerous people entered the building over the years, as it had a reputation for being a “haunted” building (see comments under the video and this video).