Think your small business is immune to a HIPAA fine? Think again. A small Denver pharmacy just got a large dose of reality—in the form of a $125,000 fine for throwing paper patient records in the dumpster. Officials learned of the data breach from a local news outlet's report on the disposal of unshredded documents, containing the protected health information of more than 1,600 patients, in an unlocked, open container.
What’s worse, Cornell Prescription Pharmacy had no written policies and procedures in place on how protected health information should be disposed of and no employee training or education surrounding those policies and procedures—both required by the HIPAA Privacy Rule.
HIPAA Privacy Rule
“Regardless of size, organizations cannot abandon protected health information or dispose of it in dumpsters or other containers that are accessible by the public or other unauthorized persons,” says Department of Health and Human Services’ Office for Civil Rights Director Jocelyn Samuels. “Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper.”
Protect Your Business with DataShield
In addition to information destruction services, DataShield’s employee compliance training arms companies with the tools and templates needed to make sure employees understand the high risks associated with improperly disposing of sensitive information.