HIPAA Violation Discovered by Crown Point Medical Tests

by | Jun 8, 2015

A former business owned by Crown Point Medical Tests has breached the Health Insurance Portability and Accountability Act (HIPAA) after it did not securely dispose of files containing the Protected Health Information (PHI) of at least 167 people. The victims had previously had medical tests completed through My Fast Lab.

My Fast Lab was established by Barry Walker of Cedar Lake in 2013, although the business is no longer operating. The company was known for its low cost medical testing services, which were advertised as being up to 70% less than competitor prices.

However the business closed, and the former office of the company has since been listed. Some of the contents of the facility, including patient files, have been disposed of along with regular commercial waste in a public area, in violation of HIPAA Rules. HIPAA requires that PHI is securely and permanently destroyed when it is no longer required.

The files were located by a local resident at the rear of a Crown Point strip mall. While taking out the garbage from the pizza restaurant where he employed, Adam Mitchell recognized a number of items in the dumpster which looked like they could be of value.

He saw two blood centrifuges, a digital printer and some discarded medical supplies, along with what seemed to be a number of paper files. Mitchell was aware that sensitive data could not be disposed of in publicly accessible dumpsters. He removed the files that had not been damaged beyond repair by liquid waste. Overall, 17 files were recovered.

The data stored on the files was of a highly sensitive nature, and included medical test results such as paternity tests, drug screening data and tests for sexually transmitted infections. Patients’ names, addresses and telephone numbers were listed along with Social Security numbers, Driver’s license numbers, insurance card numbers, blood types, and credit card details. Credit card expiry dates and security codes were also held in the files.

Mitchell wasn’t sure what to do next with the data so called one of the numbers on the list – that of a local businessman – who was angry to discover the disclosure of his personal data. Mitchell was subsequently advised to notify the press, and contacted a newspaper run by the Times Media Co. The matter has now been reported to the state Attorney General and the files have been gathered and secured.

It is not obvious at this stage how the data got from the disused offices to the trash dumpster. What is known is that My Fast Lab should have stopped this disclosure from occurring. The Indiana attorney general is likely to take action for the HIPAA breach.

The state AG has already used his right to take action over the illegal dumping of medical records. A fine for $12,000 was issued to Joseph Beck earlier this year for failing to securely get rid of medical records.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy