The story is so often told. Small businesses think, “This will never happen to us. It’s the big corporations that experience medical data breaches, not the small neighborhood offices.”
But then it does. And it’s devastating.
Since 2009, over 29 million patient health records have been compromised in HIPAA data breaches. That number increased by 138 percent from 2012 to now.
The more often medical data breaches occur, the more small businesses realize that it’s not just large companies who become exposed. Medical data breaches not only occur within a facility when hackers break it, but also on the outside.
Employees may think they are properly disposing documents by participating in company recycling programs, but when documents contain sensitive information, recycling should never occur until after paper has been securely shredded.
In early November, a medical facility in San Antonio experienced a medical data breach when someone found confidential documents in a recycling bin. Lucky for the medical facility and its patients, the kind citizen turned them in before they got in the wrong hands.
The doctors of this office released a statement about their disappointment in this incident that they called a “terrible mistake.” The employees who caused this near-devastating event had good intentions – recycling – but failed to follow their company’s policies and procedures, which exist to protect patients’ private information.[Click Here to see the video from the San Antonio recycling bin where medical records were found]
Companies who develop recycling programs without secure paper shredding pose a huge threat to their customers’ privacy. The second a document is released from the facility, it becomes accessible to the public. In the case of the San Antonio medical office, social security numbers and drivers license numbers were found on the exposed documents. Those pieces of information are more than enough to steal someone’s identity.
Medical data breaches are far too common but fortunately, they are avoidable. Contact one of DataShield’s security experts today to begin developing a set of policies and procedures employees must follow when disposing of sensitive information.