Offsite storing of paper medical files might be convenient if facility room is restricted; but as Kailspell-based healthcare supplier, Urology Associates lately found the decision to store files offsite might prove to be costly. The firm had taken help of a local storing service and rented a unit to stock boxes of old medical files. Unluckily, the facility was lately thieved.
Storage Units are Dangerous Places to Keep Confidential Medical Files
Storage units are often thieved. The units are fortified with locks; but in a number of cases, all that’s needed to access the matters is a collection of heavy duty bolt cutters. Burglars have understood there are simple loots to be had from storing units, and police have had to cope with a flurry of storage unit break-ins lately. The problem isn’t restricted to Kalispell; it’s a nationwide problem.
Files Possibly Accessed, but not Thieved
Medical files are exceptionally important. Whole sets of files can sell for approximately $60 on the black market. Clean records, like as those of kids, can be even more costly. $200 for each set isn’t unheard of. Multiply the lowermost figure by the quantity of files in the unit – 6,500 as per the Division of Health as well as Human Services’ OCRs “Wall of Shame”, and those files were probably to be some of the most valued items in the whole facility.
Luckily, the criminals did not know that. In an attempt to find something valuable, the thieves turned over the boxes in the unit, however, they could not find the wood for all the trees, and didn’t take away the files from the unit.
The break-in happened on or recently before May 25, 2015. Urology Associates was informed of the data break on May 26, when the storing service was opened for work. The lock had not been meddled with, in its place the burglars chopped the metal around the lock to get access to the substances. A number of other units had been broken into in a similar way in the same event.
No Files Thieved; Same Break Cost just as They Were
Tanna Darling, Urology Associates Practice Manager, notified regional news channel, The Daily Interlake, concerning the break-in. She informed a reporter, “Everything was in disorder, however, it honestly did not appear like they stole anything,”
Nevertheless, even though no files seem to have been stolen, a complete break response was still needed. She said, “We dispatched lots of letters,” then inflating that by saying “More than a few thousand letters have been dispatched.” She also validated the possible victims are being provided one year of credit checking facilities without fee, in the unlikely happening that their data was removed or copied.
It has been imagined that the thievery was most probably committed by somebody who had entrance to the service; one more client of the rental firm. The compound was gated, and the entrance was gotten with a key.
In this instance, little harm seems to have been brought about. Had the burglars been a bit cleverer though, it might have been another story.
A statement has already been made to the OCR and also patients have been informed of the break of their PHI, just within the maximum deadline permissible by the HIPAA Break Notification Law.
HIPAA Covered entities must note this incident and must make sure that if they are keeping medical files offsite, proper security controls should be ready to safeguard the files, as needed by the HIPAA Secrecy Law. If safeguards are insufficient, heavy penalties might be imposed.