Confidential records found in Paulding Co. dumpster

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.wsbtv.com/news/news/local/personal-medical-records-found-paulding-co-dumpste/nWghG/

PAULDING COUNTY, Ga. —

The FBI is investigating a dumpster full of medical documents that
Channel 2's Ross Cavitt found outside an office complex in Hiram.

Cavitt called authorities after finding the documents full of people's
sensitive identification and medical information. The caller who gave
Cavitt the tip said the documents were in the dumpster all weekend.
Someone also might have dumped other boxes in the past 48 hours, the
caller said.

Cavitt didn't have to dive in too far to find Social Security numbers,
addresses, dates of birth and bank account information. There were
also documents with private health information.

Cavitt called the Hiram Police Department. Police came and started
contacting the offices listed on those documents.

"I need to get those records out of there because they were placed in
their incorrectly," a Channel 2 Action News camera recorded an officer
saying.

One man told police he was with one of the nearby offices involved and
wanted to clean out the dumpster, but police kept it sealed off as
they tried to figure out what to do with it all.

It appears the documents Cavitt found came from two separate medical
offices in the Hiram complex, including an orthopedic office and
Family Intervention Services, which deals with juvenile issues.
Coincidentally, they had both just moved out.

Federal regulations of the so-called protected health information
spell out clear rules on how such documents are supposed to be
shredded, burned, or pulverized so that it's rendered essentially
unreadable, indecipherable, and otherwise cannot be reconstructed.

David McBride runs a loan business and has a licensed and bonded
company destroy all of his outdated documents. He worries for those
whose records were found in the dumpster.

"I'm very concerned. I have seen people go through dumpsters before,
but all of ours is secure and it's all under lock and key," McBride
said.

Cavitt got no immediate comment from the two medical companies that
appear to be involved. Meanwhile, Hiram police said with no local laws
in play, they turned to the feds.

"At this time we've contacted the FBI field office in Rome, and they
got into contact with us stating that they are going to send an agent
down to look at this case, and hopefully they'll take it over from
there," Hiram police Lt. Brian Acree said.

In the meantime, the records were staying in the sealed off area.

Federal regulations said violators can face significant fines, which
vary depending upon the circumstances.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.