Crown Point Medical Tests Uncovers HIPAA Breach

A former company belonging to Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) when it did not securely throw away files having the Protected Health Information (PHI) of more than 166 people. The victims had earlier had medical checks handled via My Fast Lab.

Barry Walker of Cedar Lake established My Fast Lab in 2013, even though the business is no more in operation. The business was famous for its extremely inexpensive medical checking services, which were publicized as being up to 70% less compared to competitor rates.

Nevertheless, the business didn’t survive, and the previous office of the business has since been listed. Some of the substances of the service, including patient records, have been discarded together with usual commercial garbage in an open area, in breach of HIPAA Laws. HIPAA requires that PHI is securely as well as lastingly abolished when it’s no longer needed.

Extremely Sensitive Data Thrown in Open

The files were discovered by a local inhabitant at the rear of a Crown Point strip mall. While taking out the garbage from the pizza cafe where he worked, Adam Mitchell saw many items in the dumpster which appeared like they might be of worth.

He noticed a digital printer, two blood centrifuges, and some thrown away medical supplies, together with what seemed to be many paper files. Mitchell was conscious that confidential data might not be disposed of in open dumpsters. He recovered the files that hadn’t been irreparably spoiled by liquid trash. In total 17 files were retrieved.

The data included in the records was of an extremely confidential nature and contained medical test results like drug screening information, paternity tests, and tests for sexually transferred infections. Patients’ names, telephone numbers, and addresses were listed together with Driver’s license numbers, Social Security numbers, blood types, insurance card numbers, and credit card numbers. Security codes and credit card expiry dates were also recorded in the files.

Mitchell was not certain what he must do with the info so phoned one of the phone numbers on the listing – that of a native businessman – who was infuriated to discover the revelation of his private information. Mitchell was then advised to inform the press and made contact with a newspaper managed by the Times Media Co. The issue has now been informed to the state Attorney General and the documents have been gathered and protected.

It’s not clear at this point how the data moved from the deserted offices to the dumpster. What’s obvious is that My Fast Lab must have avoided this revelation from happening. The Indiana AG is likely to take a court case for the HIPAA breach.

The state Attorney General has already used his privilege to take action over the unlawful dumping of medical files. A fine for $12,000 was imposed to Joseph Beck previously this year for failing to safely dispose of medical files.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.