Employee training, written policies and destroying discarded paper records are included in the top ten data protection compliance recommendations. [Read More…]

Analysis of hard drives bought on the second hand market showed that a significant number still contained personal information despite obvious indications that the owner had tried to overwrite the information themselves. [Read More…]

An analysis of the contents of commercial outside trash “dumpsters” conducted in Toronto determined that 3 out of 4 doctors’ offices contained improperly discarded personal health information. [Read More…]

States’ Attorneys General are being currently being trained  by HHS to aggressively utilize their new HIPAA enforcement mandate. [Read More…]

Neither pressing the “Delete” button or reformatting removes data from a computer hard drive. It only erases the index and conventional recovery utilities can still easily access the information unless the hard drive is properly sanitized or destroyed. [Read More…]

According to HHS, “Paper, film, or other hard copy media have been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.” [Read More…]

PHI is considered any information about a patient, including diagnosis, treatment, billing, or personal information associated with treatment [Read More…]

Improper disposal of PHI among top 5 causes of required health data breach notifications: 1. Theft, 2. Loss, 3. Unauthorized Access/Disclosure, 4 Improper Disposal, 5 Hacking/IT Incident (US Dept. of Health and Human Services) [Read More…]

The unsecure disposal of PHI would be an example of a HIPAA offence qualifying for the maximum level of mandatory fines, according to the US Dept of Health and Human Services. (Federal Register Pg 40879) [Read More…]

The US Dept of Health and Human Services will soon be required to investigate complaints about improper disposal of PHI. (Federal Register – pg 40876) [Read More…]