Open wide – your health information can even leak out from your dentist

It's in the news almost every week.  Unauthorized users access electronic health records, laptops and passwords are stolen, and physicians accidentally send emails with private health information to the wrong recipient.  High tech breaches of medical privacy are becoming commonplace. However, sensitive medical information can also leak out the old-fashioned way – through paper records contained in file folders…remember those?

A dentist in Indianapolis, Indiana apparently forgot about that risk. Instead of properly disposing of files for over 5,000 patients, he left them in a church recycling dumpster. He had a reason to want to ditch them quickly - he had lost his dental license due to fraudulent billing less than two years earlier and may have been eager to destroy any remaining evidence. But carelessly discarding of paper medical records was the wrong way to try to avoid another trip to his lawyer.

At first glance, the dentist's carelessness may not seem that serious. After all, the records were placed in a dumpster to be hauled away. But they contained extremely sensitive information, such as names, social security numbers, phone numbers, diagnoses, treatments, and insurance information for thousands of people.

The State of Indiana charged the dentist with violating state medical privacy law as well as the federal Health Insurance Portability and Accountability Act (HIPAA). He agreed to a consent judgment to settle the case and paid a $12,000 penalty.

Other providers should take notice. This case is representative of increased enforcement of HIPAA over the past few years for violations involving both electronic and 'hard copy' records. The federal Department of Health & Human Services received almost twice the number of HIPAA complaints in 2013 as it did in 2004.  In May of last year, New York Presbyterian Hospital and Columbia University Medical Center in New York settled HIPAA-related charges stemming from their failure to secure patients' electronic health information. The settlement amount was $4.8 million dollars, the largest HIPAA settlement to date.

Whether it's a dentist leaving boxes of records in a dumpster or a hospital failing to protect electronic data, privacy breaches are increasingly cause for concern for patients and providers alike.

__________

Matthew Maughan is a third year student at the Thomas R. Kline School of Law at Drexel University concentrating in health law.

-----

Have a health care question or frustration? Share your story »