Slashdot Mirror
Recycled Medical Records Used As Scrap Paper At Elementary School
Parents with students at Hale Elementary School in Minneapolis have found something interesting on the back of their children's pictures hanging on the fridge, detailed medical information. From the article: "Jennifer Kane was tidying her dining room when she found the drawing by her daughter, Keely, who goes to Hale Elementary School. On the back of the paper was the name, birth date and detailed medical information for a 24-year-old St. Paul woman named Paula White. 'The more I read it, the more alarmed I became about the amount of information I had about this person,' said Kane." The security lapse has been blamed on a paralegal donating the paper to the school.
Look in the source code of this comment for detailed medical records!
"When information is power, privacy is freedom" - Jah-Wren Ryel
There's got to be a massive fine coming for this.
The man who dies rich dies disgraced. -- Andrew Carnegie
"Mommy, whats 'anal hemorrhoids'?"
Good going! Would HIPPA be violated, or lawyer client privileged be violated in this case?
A paralegal donated the paper? Wow. That is like a sys admin posting a server password on a post-it note on the server rack...
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Unfortunately medical information is passed to so many 3rd parties (including overseas) that ensuring privacy is now becoming an impossibility.
Wow just wow did the boss not give her the time to do it But why do they not have a locked bin to drop papers in that a out side place like iron mountain or others to destroy the paper?
I am sure the school carefully checked over the scrap paper being donated. Some teacher probably got a box full of paper, took a quick look and was just thankful her funding-starved school got some paper. Otherwise, she'd have had to buy some out of her own paycheck like many teachers do...
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
But but.. what about HIPPA? it would garentee nothing like this ever happens! .. oh.. what's that... just because someone makes a huge compliance law doesn't prevent basic slip-ups like this?
Looks like the Hippa laws has 3 tiers of penalties depending on intent of disclosure. The first penalty, $50K fine and possible jail sentence of not more than a year, is for a person knowingly disclosing the information but with no malicious intent. So the people guilty of this law would be the paralegal, Ms. Kane, and possibly the CBS reporter. The medical facility that the paralegal works at probably shares in the blame too. So how many people here will be prosecuted? Probably none.
Of course I don't want to see Ms. Kane or the reporter punished; it's a poorly written law. There are so many poorly written laws (such as copyright laws) where people are punished harshly. Shouldn't these people be pursued with equal vigor?
Responsibility for processes that ensure this does not happen is with management. If it happens, then not the paralegal, but his/her manager screwed up and needs to be punished. With power comes responsibility. It is time for the to be reflected in the legal system.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Someone should be fired immediately. And was there no one at the school that noticed this?
School teachers are not responsible for HIPAA compliance ;-)
Well, it is once in a lifetime chance. The law firm is negligent, is violating privacy law HEPA or whatever. Ambulance chaser in the cross-hairs. Sue that law firm for everything it got.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
How dumb do you have to be before donating legal documents (without first checking with your boss) to a school seems like a good idea... these clowns will be lucky if HIPPA fines are the worst that come from this.
The government needs to wake up and realize this entire industry isn't spending any money on security.
WAH! I'm stupid! I'm stupid! I'm stupider than you! I'm stupider than you in every way!
Yeah, but how else are you going to blame this on public employees? You just know it has to be their fault.
Haven't you heard? Literacy is a skill that's taught in college. Elementary and High School teachers don't teach it, so they aren't practicing it regularly. The grade school focus is more on tasks like diagnosing ADD.
"Lame" - Galaxar
violating privacy law HEPA or whatever
Yes! That law firm really needs better privacy filters! Something has to happen to clear the air!
I once got an Ebay item where the packing material was from a mental health practice. It turns out the secretary there used the scrap for packing. Anyways, I sent them an e-mail, got an e-mail back from a lawyer asking if I could send him the documents. I did, and then I got an e-mail saying it was taken care of, and I was contacted by the person or anything, to let them know.
Three decades ago when I was in high school, they loaded our PDP-8's line printer with the the back sides of boring inventory reports from some manufacturing company.
However, now that we don't manufacturer anything in the USA any more, and our entire economy is becoming nothing more than a mix of healthcare providers and consumers, they *have* to use old health records for printer paper in schools. There's nothing else to use.
amusing the hysteria and fear about health records being randomly revealed, no one in a city far away cares about your case of crotch rot. It's no big deal. really.
Now the kids will see how bad you get f***d when you go to the doctor and will avoid getting proper medical care!
Having to work for a living is the root of all evil.
Yep. I'm a public university professor, and I regularly have to make copies on the back of once-used paper because we run out of money for paper. I've also been told I need to buy my own printer if I want access to a printer. I'm also being asked to pay for my own inter-library loan articles. Some of our faculty offices have holes in the wall large enough to stick your hand outside and check the weather. (I can't believe I'm not making that one up. But, yep, just looked out window to verify: Prof. Z's office has a fist-sized hole all the way thru the wall; the boards have just rotted away.) Money is getting tight. Unless it's for a new football stadium, which I can see from my window is coming along nicely. (Note to parents: DO NOT LET YOUR CHILDREN GET A GRADUATE DEGREE IN HISTORY, ENGLISH, GEOGRAPHY, OR ANY OF THE HUMANITIES!)
Someone at Larry Flynt publications should arrange for some "scrap paper" to be donated for the benefit of those poor undereducated students. More likely to get some from BoA though..
A) If anyone violated HIPAA, it's the law office, not the school. And whether or not they're in violation of HIPAA specifically depends on how they came upon those records.
B) The paralegal who donated the paper almost certainly will end up losing her job over this. Fortunately for you, we live in a society where people lose their jobs over honest mistakes, since something has to satisfy your misguided rage over something that had no effect on you whatsoever.
C) TFA says this was an afterschool program. I don't know how your school worked, but at my school they didn't have a staff of people to inspect every material used by every afterschool program.
If the teachers get tired of spending their own money to buy paper for the school, this type of thing will happen. Most school's don't have enough money for printer paper for the whole year. Some schools run out of money for that by mid September
All this, while at the same time tuition costs are breaking new record highs. Makes you wonder where all the money is going because it's certainly not being spent on the faculty.
When working through problems for tests or even scratch paper for homework I'd always raid the recycle bin next to all the campus computers. Full of 1 sided paper that is just tossed.
Sometimes you'll find a bunch of PS errors that printed nothing but glyphs on a 1/2 a ream of paper. Then it's the jackpot. I don't ever remember paying for paper during my undergraduate.
It goes to buy expensive furniture for the office of those that control the money: the administration in charge of receiving the tuition checks. Note for self: in the long term administration always transition from being an administration that take the administrative work off researchers hands into being an administration that enforce new administrative rules and controls the researchers did that administrative work correctly. Then they use their power of nuisance to funnel all the money to their administrative department.
Is it perhaps possible that "public" university means one of those insitutions which do NOT charge a fortune in tuition and instead offer a relatively low-cost alternative based on 'public' funding? I'm not an American so my knowledge is limited. Of course I'm also not sure if the GP is an American either, or if an American university is the one under discussion.
Damn greedy teachers with their gold-plated Celicas are too lazy vet their free paper for HIPAA violations. They should be supporting the economy by buying paper for their classroom out of their own damn pockets. And don't spew any socialism about the school board should be providing paper. Probably too busy plotting how to steal crumbs from the mouths of millionaires.
This will get swept under the rug. The lawyers will say that a box of paper records is nothing compared to this -- Sutter Health laptop stolen with unencrypted records of 4 million patients. The defense of saying "but I didn't do nearly as badly as the other idiot" actually works (just ask Stalin about his Hitler excuse). Seriously, the medical industry has worked for decades to make it immune from legal liability, and their efforts have been very effective.
If schools in the USA are so starved for paper, I'd urge them to stop by their local print and copy shop. They have loads of scrap paper, often with nothing on the back (trimmed off a small job) or with just business marketing print job stuff on the back.
I worked at a print shop and they daily toss stacks and stacks of blank trimmings into the recycle bin. Often a small job printed on 8.5/11 inch paper so it's not exactly proper size, but great for arts and crafts.
Probably somewhere that has color-less money. Our district gets 'tech funding'. We've bought a few advanced projectors on mobile cats, video cameras, and some other things (no iGear, sadly). But, our teachers get a 'paper allotment' and gott forbid if any other money was spent on paper. The PTA gives teachers a small allocation each year for 'supplementary items' for the classroom. We'd get audited if it was suspected the money was getting used for 'primary education', and that includes buying them new paper. When mentioning at a PTA meeting that maybe the group could act as the go-between to get 'scrap' from local businesses, this issue came up. Who would oversee the appropriateness of the 'scrap'. Which corporate side office would take on the extra work to ensure only approved scrap paper was released, etc. Some government offices would require a 'Distribution A - Approved for Public Release' on any paper that wasn't almost trivially devoid of info.
WAH! I'm stupid! I'm stupid! I'm stupider than you! I'm stupider than you in every way!
Your lyrics lack subtlety. You can't just have your characters announce how they feel! That makes me feel angry!
I have issue with A and B.
If we have HIPAA in place to protect medical information it shouldn't matter the manner the party that released them came about it. If it was a lawsuit brought by a client of the firm or whatever, there should be no loophole what-so-ever for a violation like this.
As for B the paralegal shouldn't be fired, their head was in the right place trying to help out a local school. Now IF this law firm was working on a case concerning these records at one time, then anyone who would possibly come into contact with the documents should have been made aware of any HIPAA regulations. I squarely place blame on the firm itself, not the person that released the documents.
CAPTCHA: scoffed
Or to pay the salary of the newest assistant deputy backup vice superintendent...
Liberty in your lifetime
Someone should be fired immediately. And was there no one at the school that noticed this?
Someone at the hospital should be fired immediately.
I have experience handling medical data, and I have seen how aggressive HIPAA violations are pursued. The slightest mistake can result in fines that are so large that the parent company HAS closed down entire branches only due to some moron's mistake. And although I wont say names, I'm talking about one LARGE company with money to bribe senators and push laws. Yet they never get to avoid repercusions of HIPAA violations.
The hospital in responsible for this is in big trouble. Paralegal excuses wont help them. An investigation would, for one, force the hospital to explain even why paralegals had access to PHI, in a record by record basis.
We've bought a few advanced projectors on mobile cats...
At my school we had mobile projector cats, too. It was hard to keep those little monsters still through an entire lecture, though. Especially when the teacher pulled out the laser pointer.
<!-- Just recycle your HTML to get it past /.'s HTML filter. -->
/.'s HTML filter.
Just recycle your HTML to get it past
Oh bother. This is a law firm which deals with private information as a business. It's what they do. Every peon (non-lawyer) should always assume that every document is private, and that disclosure could lose them their jobs. They should be told this, but they should also be able to figure it out on their own.
Now there are scenarios (ex:asking permission) where someone else would be at fault. In the general case, though, the paralegal is squarely at fault. I don't want to hire a lawyer who employs that paralegal... thus one can hardly blame the law firm for not wanting to employ him/her any further.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
So.... you're ignoring that a person can give permission for non-covered entities to have access to that PHI. The sort of permission that would have to be granted to a law firm when they are pursuing a personal injury case for a client? The exact sort of law firm which is the subject of the article.
"Lack of speed can be overcome. In the worst case by patience." --Znork
I'm surprised they didn't feed it to the kids.
United States public university professor, specifically a [state name] State University (2nd tier; first-tier research schools are University of [state name]). And whether or not public universities charge a fortune is a matter of perspective. Tuition at public universities has skyrocketed since the late 80s when the federal government began to reduce contributions. Then add the costs associated with computer technology needs and increased enrollment. Then add the diminished buying power of the dollar.... Tuition has increased every year. And, frankly, the quality of education has rapidly diminished as schools have been forced to teach a greater number of students with a greater range in ability/preparation. I just moved from an R1 school to this one; the budgets are bad at both, and at both most of the money was going into buildings, administrator salaries, and "development" (fundraising) staff and campaigns, while funding for the labs, libraries, faculty, and staff is slowly taken away.
American here -- the problem is that while public universities certainly have lower tuition than private universities, you're still looking at fairly high tuition prices that are climbing every year (they usually have to get permission from the state legislature, which dithers a bit and then raises the cap).
Add to this the fact that in order to get the good courses (and an actual degree), you have to be matriculated (officially enrolled in a degree-granting program), and in order to stay stay matriculated to you have to stay above a certain course load threshold, . . . and it means that people who are getting degrees mostly can't have full-time jobs at the same time. Most people don't have the stamina to have part-time jobs year-round while also taking enough courses. Which means the schools are requiring a rate of schooling that is inconsistent with staying out of debt.
If OWS was a crowd that thought through cause-and-effect sorts of relationships, they might have pointed out that this is a major reason why students graduate with mountains of debt and degrees that can't pay it back.
spoiler (rot13):
Na bssvpr vf erhfvat gur onpxf bs hfrq cncre. Fbzrbar gura nfxf "'Jung'f gur Rkrphgvir pbzcrafngvba yvfg?"
Not ignored, if that is the case the hospital has to provide record of said permission. It's part of "explain even why paralegals had access to PHI."
"explain even why paralegals had access to PHI."
Because the patient voluntarily released the information to her own law firm? They're personal injury lawyser representing her. The hospital did nothing wrong, and the law firm no more HIPAA-bound than a random guy you hand your medical records to. Not to say they won't be sued or censured for ordinary mishandling of client records.
Socialism: a lie told by totalitarians and believed by fools.
That's the zoom-out feature. They're working on getting it to zoom-in.
There is a good chance that 99% of the paper was just random scribblings and memos and there just happened to be 1 or 2 sheets of sensitive stuff.