Slashdot Mirror
Recycled Medical Records Used As Scrap Paper At Elementary School
Parents with students at Hale Elementary School in Minneapolis have found something interesting on the back of their children's pictures hanging on the fridge, detailed medical information. From the article: "Jennifer Kane was tidying her dining room when she found the drawing by her daughter, Keely, who goes to Hale Elementary School. On the back of the paper was the name, birth date and detailed medical information for a 24-year-old St. Paul woman named Paula White. 'The more I read it, the more alarmed I became about the amount of information I had about this person,' said Kane." The security lapse has been blamed on a paralegal donating the paper to the school.
Look in the source code of this comment for detailed medical records!
"When information is power, privacy is freedom" - Jah-Wren Ryel
There's got to be a massive fine coming for this.
The man who dies rich dies disgraced. -- Andrew Carnegie
"Mommy, whats 'anal hemorrhoids'?"
A paralegal donated the paper? Wow. That is like a sys admin posting a server password on a post-it note on the server rack...
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Wow just wow did the boss not give her the time to do it But why do they not have a locked bin to drop papers in that a out side place like iron mountain or others to destroy the paper?
I am sure the school carefully checked over the scrap paper being donated. Some teacher probably got a box full of paper, took a quick look and was just thankful her funding-starved school got some paper. Otherwise, she'd have had to buy some out of her own paycheck like many teachers do...
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
But but.. what about HIPPA? it would garentee nothing like this ever happens! .. oh.. what's that... just because someone makes a huge compliance law doesn't prevent basic slip-ups like this?
Looks like the Hippa laws has 3 tiers of penalties depending on intent of disclosure. The first penalty, $50K fine and possible jail sentence of not more than a year, is for a person knowingly disclosing the information but with no malicious intent. So the people guilty of this law would be the paralegal, Ms. Kane, and possibly the CBS reporter. The medical facility that the paralegal works at probably shares in the blame too. So how many people here will be prosecuted? Probably none.
Of course I don't want to see Ms. Kane or the reporter punished; it's a poorly written law. There are so many poorly written laws (such as copyright laws) where people are punished harshly. Shouldn't these people be pursued with equal vigor?
Responsibility for processes that ensure this does not happen is with management. If it happens, then not the paralegal, but his/her manager screwed up and needs to be punished. With power comes responsibility. It is time for the to be reflected in the legal system.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Someone should be fired immediately. And was there no one at the school that noticed this?
School teachers are not responsible for HIPAA compliance ;-)
Well, it is once in a lifetime chance. The law firm is negligent, is violating privacy law HEPA or whatever. Ambulance chaser in the cross-hairs. Sue that law firm for everything it got.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Good going! Would HIPPA be violated, or lawyer client privileged be violated in this case?
Probably both, ouch...
Yeah, but how else are you going to blame this on public employees? You just know it has to be their fault.
But now it's passed to 3rd parties AND 3rd graders!
No HIPPA violation, law firms aren't healthcare providers nor reimbursers, and neither are schools
Three decades ago when I was in high school, they loaded our PDP-8's line printer with the the back sides of boring inventory reports from some manufacturing company.
However, now that we don't manufacturer anything in the USA any more, and our entire economy is becoming nothing more than a mix of healthcare providers and consumers, they *have* to use old health records for printer paper in schools. There's nothing else to use.
Now the kids will see how bad you get f***d when you go to the doctor and will avoid getting proper medical care!
Having to work for a living is the root of all evil.
Yep. I'm a public university professor, and I regularly have to make copies on the back of once-used paper because we run out of money for paper. I've also been told I need to buy my own printer if I want access to a printer. I'm also being asked to pay for my own inter-library loan articles. Some of our faculty offices have holes in the wall large enough to stick your hand outside and check the weather. (I can't believe I'm not making that one up. But, yep, just looked out window to verify: Prof. Z's office has a fist-sized hole all the way thru the wall; the boards have just rotted away.) Money is getting tight. Unless it's for a new football stadium, which I can see from my window is coming along nicely. (Note to parents: DO NOT LET YOUR CHILDREN GET A GRADUATE DEGREE IN HISTORY, ENGLISH, GEOGRAPHY, OR ANY OF THE HUMANITIES!)
Someone at Larry Flynt publications should arrange for some "scrap paper" to be donated for the benefit of those poor undereducated students. More likely to get some from BoA though..
A) If anyone violated HIPAA, it's the law office, not the school. And whether or not they're in violation of HIPAA specifically depends on how they came upon those records.
B) The paralegal who donated the paper almost certainly will end up losing her job over this. Fortunately for you, we live in a society where people lose their jobs over honest mistakes, since something has to satisfy your misguided rage over something that had no effect on you whatsoever.
C) TFA says this was an afterschool program. I don't know how your school worked, but at my school they didn't have a staff of people to inspect every material used by every afterschool program.
When working through problems for tests or even scratch paper for homework I'd always raid the recycle bin next to all the campus computers. Full of 1 sided paper that is just tossed.
Sometimes you'll find a bunch of PS errors that printed nothing but glyphs on a 1/2 a ream of paper. Then it's the jackpot. I don't ever remember paying for paper during my undergraduate.
Is it perhaps possible that "public" university means one of those insitutions which do NOT charge a fortune in tuition and instead offer a relatively low-cost alternative based on 'public' funding? I'm not an American so my knowledge is limited. Of course I'm also not sure if the GP is an American either, or if an American university is the one under discussion.
Damn greedy teachers with their gold-plated Celicas are too lazy vet their free paper for HIPAA violations. They should be supporting the economy by buying paper for their classroom out of their own damn pockets. And don't spew any socialism about the school board should be providing paper. Probably too busy plotting how to steal crumbs from the mouths of millionaires.
This will get swept under the rug. The lawyers will say that a box of paper records is nothing compared to this -- Sutter Health laptop stolen with unencrypted records of 4 million patients. The defense of saying "but I didn't do nearly as badly as the other idiot" actually works (just ask Stalin about his Hitler excuse). Seriously, the medical industry has worked for decades to make it immune from legal liability, and their efforts have been very effective.
Probably somewhere that has color-less money. Our district gets 'tech funding'. We've bought a few advanced projectors on mobile cats, video cameras, and some other things (no iGear, sadly). But, our teachers get a 'paper allotment' and gott forbid if any other money was spent on paper. The PTA gives teachers a small allocation each year for 'supplementary items' for the classroom. We'd get audited if it was suspected the money was getting used for 'primary education', and that includes buying them new paper. When mentioning at a PTA meeting that maybe the group could act as the go-between to get 'scrap' from local businesses, this issue came up. Who would oversee the appropriateness of the 'scrap'. Which corporate side office would take on the extra work to ensure only approved scrap paper was released, etc. Some government offices would require a 'Distribution A - Approved for Public Release' on any paper that wasn't almost trivially devoid of info.
WAH! I'm stupid! I'm stupid! I'm stupider than you! I'm stupider than you in every way!
Your lyrics lack subtlety. You can't just have your characters announce how they feel! That makes me feel angry!
I have issue with A and B.
If we have HIPAA in place to protect medical information it shouldn't matter the manner the party that released them came about it. If it was a lawsuit brought by a client of the firm or whatever, there should be no loophole what-so-ever for a violation like this.
As for B the paralegal shouldn't be fired, their head was in the right place trying to help out a local school. Now IF this law firm was working on a case concerning these records at one time, then anyone who would possibly come into contact with the documents should have been made aware of any HIPAA regulations. I squarely place blame on the firm itself, not the person that released the documents.
CAPTCHA: scoffed
In addition, teachers are being forced to print/copy more, because they have to 'teach to the test' for all of the NCLB state assessments. there are many other ways to assess learning, but they need recorded documentation, and need to repeat delivery of assessment exercises in the exact form of the big test. (standard test taking practice, been tutoring it for SATs, etc. for years). When you have a predetermined metric, you design to the metric, and in this case that means using more paper.
Or to pay the salary of the newest assistant deputy backup vice superintendent...
Liberty in your lifetime
Someone should be fired immediately. And was there no one at the school that noticed this?
Someone at the hospital should be fired immediately.
I have experience handling medical data, and I have seen how aggressive HIPAA violations are pursued. The slightest mistake can result in fines that are so large that the parent company HAS closed down entire branches only due to some moron's mistake. And although I wont say names, I'm talking about one LARGE company with money to bribe senators and push laws. Yet they never get to avoid repercusions of HIPAA violations.
The hospital in responsible for this is in big trouble. Paralegal excuses wont help them. An investigation would, for one, force the hospital to explain even why paralegals had access to PHI, in a record by record basis.
We've bought a few advanced projectors on mobile cats...
At my school we had mobile projector cats, too. It was hard to keep those little monsters still through an entire lecture, though. Especially when the teacher pulled out the laser pointer.
Health records can contain personally identifying information (like SSN/DOB/address) which can be used for ID theft. (As an ID theft victim, trust me when I say this is *NOT* fun to clean up after.) Also, potentially embarrassing information could be revealed that was trusted to remain between doctor and patient. Working in IT in a medical organization, I can attest to the power HIPAA has over our actions. We need to keep it in mind with everything we do. People get fired for violations like looking up someone's records that they didn't have a job-related need to do. It's not a warning not to do it again with repeat offenders getting the boot. It's strike one and you're out. There will be an investigation and people will be fired.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Oh bother. This is a law firm which deals with private information as a business. It's what they do. Every peon (non-lawyer) should always assume that every document is private, and that disclosure could lose them their jobs. They should be told this, but they should also be able to figure it out on their own.
Now there are scenarios (ex:asking permission) where someone else would be at fault. In the general case, though, the paralegal is squarely at fault. I don't want to hire a lawyer who employs that paralegal... thus one can hardly blame the law firm for not wanting to employ him/her any further.
I won't join Slashcott. OTOH, If Beta goes live, I just won't be back until it's fixed. Sorry Dice.
So.... you're ignoring that a person can give permission for non-covered entities to have access to that PHI. The sort of permission that would have to be granted to a law firm when they are pursuing a personal injury case for a client? The exact sort of law firm which is the subject of the article.
"Lack of speed can be overcome. In the worst case by patience." --Znork
As ID theft victim, I can tell you SS number is only icing on cake, not necessary at all. The DOB and address are trivially obtained, and of course credit card companies send "identity theft kits" whereby any misdelivered mail might give a thief a "check" to steal your money. I've also had a person 800 miles away put medical charges on my insurance account, somehow they had obtained insurance card (misdelivered mail again?) and used in conjunction with their own real ID. So then I get bill with their name on it, thousands of dollars of surgery and services were rendered with no questions asked.
United States public university professor, specifically a [state name] State University (2nd tier; first-tier research schools are University of [state name]). And whether or not public universities charge a fortune is a matter of perspective. Tuition at public universities has skyrocketed since the late 80s when the federal government began to reduce contributions. Then add the costs associated with computer technology needs and increased enrollment. Then add the diminished buying power of the dollar.... Tuition has increased every year. And, frankly, the quality of education has rapidly diminished as schools have been forced to teach a greater number of students with a greater range in ability/preparation. I just moved from an R1 school to this one; the budgets are bad at both, and at both most of the money was going into buildings, administrator salaries, and "development" (fundraising) staff and campaigns, while funding for the labs, libraries, faculty, and staff is slowly taken away.
American here -- the problem is that while public universities certainly have lower tuition than private universities, you're still looking at fairly high tuition prices that are climbing every year (they usually have to get permission from the state legislature, which dithers a bit and then raises the cap).
Add to this the fact that in order to get the good courses (and an actual degree), you have to be matriculated (officially enrolled in a degree-granting program), and in order to stay stay matriculated to you have to stay above a certain course load threshold, . . . and it means that people who are getting degrees mostly can't have full-time jobs at the same time. Most people don't have the stamina to have part-time jobs year-round while also taking enough courses. Which means the schools are requiring a rate of schooling that is inconsistent with staying out of debt.
If OWS was a crowd that thought through cause-and-effect sorts of relationships, they might have pointed out that this is a major reason why students graduate with mountains of debt and degrees that can't pay it back.
spoiler (rot13):
Na bssvpr vf erhfvat gur onpxf bs hfrq cncre. Fbzrbar gura nfxf "'Jung'f gur Rkrphgvir pbzcrafngvba yvfg?"
Not ignored, if that is the case the hospital has to provide record of said permission. It's part of "explain even why paralegals had access to PHI."
"explain even why paralegals had access to PHI."
Because the patient voluntarily released the information to her own law firm? They're personal injury lawyser representing her. The hospital did nothing wrong, and the law firm no more HIPAA-bound than a random guy you hand your medical records to. Not to say they won't be sued or censured for ordinary mishandling of client records.
Socialism: a lie told by totalitarians and believed by fools.
That's the zoom-out feature. They're working on getting it to zoom-in.
There is a good chance that 99% of the paper was just random scribblings and memos and there just happened to be 1 or 2 sheets of sensitive stuff.