[HIPAA Breach] Doctor to Patient: Sorry I Lost Your Data
Glenn Laga
Dear Patient,
We regret to inform you that last week we learned that your personally identifiable information, including name, address, passport, date of birth, place of birth, genetic information, and social security number may have been compromised. Last Monday, it was discovered that an unauthorized person sorted through some hard drives we had disposed of in a facility adjacent to our office and gained access to the protected health information contained on those drives.
We sincerely apologize and reaffirm our commitment to providing you with quality care in the future.
Sincerely,
Doctor
Does this sound like a letter that you want to write?
Unfortunately, a HIPAA breach can have more serious repercussions for healthcare firms than just an apology letter. According to the US Department of Health and Human Services, covered entities under HIPAA must issue a press release to media serving the area within 60 days of a breach impacting 500 or more people in a state or jurisdiction under the Breach Notification Rule (HHS, n.d.). This can cause irreparable damage to the company’s reputation and loss of market share. The company must also notify the HHS secretary of breaches involving 500 or more people so that the bureau can make the information publicly available on this breach portal (HHS, n.d.). And that’s not even to mention the millions of dollars in lawsuits that are likely to accompany all of this humiliation.
To quote IT service provider Congruity, “onsite data destruction is the best way to be 100% HIPAA compliant.” (Congruity, 2016) Recognizing that protected health information may be lost or stolen in transit to an offsite shredder, Guardian brings its mobile shredding lab, equipped with a 2 mm solid state shredder, onsite to the client’s location. Please view this quick video to compare 30 mm shredding against 2 mm solid state drive shredding. You’ll see that this more granular level of disintegration is the only way to ensure compliance with HIPAA guidelines by making sure there is absolutely no way that information can be gleaned from the debris.
How does your company securely dispose of its protected health information? Does your hardware vendor utilize a 2 mm shredder? For questions about secure data destruction or to find a 2 mm solid state shredder near you, email Guardian at info@guardiandatadestruction.com.
Sources
US Department of Health and Human Services Office for Civil Rights. Health Information Privacy, Breach Notification Rule. (n.d.) Retrieved on January 3, 2017 from https://www.hhs.gov/hipaa/for-professionals/breach-notification/
US Department of Health and Human Services Office for Civil Rights. Breach portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information, Breaches Affecting 500 or More Individuals. (n.d.) Retrieved on January 3, 2017 from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Congruity. Why Onsite Data Destruction Is The Best Way To Be 100% HIPAA Compliant. (2016, March 9th). [Website blog post] Retrieved on January 3, 2017 from http://www.congruity.com/why-onsite-data-destruction-is-the-best-way-to-be-100-hipaa-compliant/