Slashdot Mirror
Recycled Medical Records Used As Scrap Paper At Elementary School
Parents with students at Hale Elementary School in Minneapolis have found something interesting on the back of their children's pictures hanging on the fridge, detailed medical information. From the article: "Jennifer Kane was tidying her dining room when she found the drawing by her daughter, Keely, who goes to Hale Elementary School. On the back of the paper was the name, birth date and detailed medical information for a 24-year-old St. Paul woman named Paula White. 'The more I read it, the more alarmed I became about the amount of information I had about this person,' said Kane." The security lapse has been blamed on a paralegal donating the paper to the school.
I am sure the school carefully checked over the scrap paper being donated. Some teacher probably got a box full of paper, took a quick look and was just thankful her funding-starved school got some paper. Otherwise, she'd have had to buy some out of her own paycheck like many teachers do...
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I can tell you exactly what happened. There were two boxes next to the copier, one which was for the "special needs" children in school, and the other for materials to be shredded. Someone dumped some papers with PII into the "special need" children box when they should have gone into the shred box. Then, more documents without PII were dumped into the "special need" children box. When the school came calling for paper as they do once a month, the paralegal grabbed the "special need" children box and gave it to the school, giving the documents a cursory glance.
More than likely, the arrogant lawyer who will just dump his papers wherever because he's too busy to actually pay attention is the culprit. The poor paralegal will get the shaft, the "special need" children box will get removed, and we will all move on feeling wiser - except the "special need" children, who no longer will get paper either with or without PII.
Hoist Number One and Number Six.
You aren't going to be able to sue a medical center and get all medical records for all patients. It's unlikely that you would get any records other than your own health records.
What happened here is a pretty clear chain of events as to how it happened.
Here's the facts. Many (exact number unknown) pieces of scrap paper contained medical information. All that information originated from Sawicki and Phelps. Ms. White had hired them after she was in a car accident.
The last fact heavily suggests that these attorneys are personal injury attorneys and possibly medical malpractice attorneys. They are going to need to have the medical records for their clients in order to build a case. This leads me to believe that all medical information disclosed by them were all clients of the law firm seeking restitution for injuries sustained.
It's really not even a loophole at all. It's a possible consequence of giving your medical information to a group not covered by HIPAA.
The only difference between this and giving your medical information to the guy that gets your Starbucks in the morning is that at least lawyers have the bar association and other organizations which may keep them in line regarding private information. That and a lawyer without clients because he keeps giving out their private info would be a lawyer without clients.
"Lack of speed can be overcome. In the worst case by patience." --Znork
Really? That's somewhat appalling ... so the easiest way to sidestep these regulations is to give it to someone who isn't covered by them?
I realize that's a gross simplification, but I should think that getting information covered under such a law would extend obligations to you. This information is covered under HIPAA ... you've been given this information ... therefore you have obligations under HIPAA.
I mean, it's not like someone can give me Classified information and suddenly I'm free to do with it as I please.
Sadly, I fear my version is probably more abstract and less likely to be that way in practice.
Lost at C:>. Found at C.
Health records can contain personally identifying information (like SSN/DOB/address) which can be used for ID theft. (As an ID theft victim, trust me when I say this is *NOT* fun to clean up after.) Also, potentially embarrassing information could be revealed that was trusted to remain between doctor and patient. Working in IT in a medical organization, I can attest to the power HIPAA has over our actions. We need to keep it in mind with everything we do. People get fired for violations like looking up someone's records that they didn't have a job-related need to do. It's not a warning not to do it again with repeat offenders getting the boot. It's strike one and you're out. There will be an investigation and people will be fired.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Oh bother. This is a law firm which deals with private information as a business. It's what they do. Every peon (non-lawyer) should always assume that every document is private, and that disclosure could lose them their jobs. They should be told this, but they should also be able to figure it out on their own.
Now there are scenarios (ex:asking permission) where someone else would be at fault. In the general case, though, the paralegal is squarely at fault. I don't want to hire a lawyer who employs that paralegal... thus one can hardly blame the law firm for not wanting to employ him/her any further.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.