According to JAMA Study Improper Dumping of PHI is Common

April 7, 2018


A lately finished study (published in JAMA) has highlighted just how often hospices are disposing of Protected Health Information in an unsafe way. While the analysis was finished in Canada, which is not subject to HIPAA, the outcomes highlight a critical area of Protected Health Information safety that is often ignored.

Wrong Demolition of Protected Health Information is More Usual than Earlier Thought

Researchers at St. Michael’s Hospital in Toronto checked recycled paperwork at five coaching centers in Canada. Each of the five hospices had policies to account the secured removal of documents that contained Protected Health Information and separate recycling bins were provided for general paperwork and documents having confidential data. The latter was torn prior to being disposed of.

In spite of the document disposal processes, paperwork containing personally identifiable information (PII) and Protected Health Information (PHI) were often wrongly put in the boxes. The scientists found 2,867 documents having PII and 1,885 items containing personally identifiable health information in the standard recycling bins. 1,042 documents contained high sensitivity PII, 843 items had PII with medium sensitivity, and 802 had minimal sensitivity data.

821 items contained summaries, clinical comments, and medical reports, there were 385 rejected labels with patient identifiers openly identifiable, 345 billing paperwork items, 340 analytical test results, and 317 requests and communications having personally identifiable data.

The study discloses that even with policies set up covering the correct removal of paper records, confidential data is still habitually disposed of in an insecure way.

Wrong Removal of Protected Health Information in the USA

In February 2018, 23% of the month’s healthcare data breaches involved paper/film records. Those breaches impacted 121,607 people. In January 33% of the month’s data breaches involved paper/film files. Those breaches impacted 13,513 people.

All in all, between January 1, 2010 and December 31, 2017, there have been 514 healthcare data breaches involving 500 or more paper files. Those breaches have impacted 3,393,240 people.