
Western Washington Medical experienced a PHI breach when the protected health information of 842 patients of Group was exposed in November 2017 after files including sensitive health information were disposed, in error, with normal rubbish.
On November 13, 2017, the janitorial service supplier employed by the medical organization emptied shredding bins with regular rubbish. Instead of sensitive documents being completely destroyed in line with HIPAA Rules, they were emptied into regular rubbish bins. Western Washington Medical Group found the mistake the next day, but too late to rescue the documents as the rubbish had already been collected and brought to landfill sites for disposal.
The breach was restricted, but patients affected have had a range of sensitive data exposed including names, addresses, medical treatment forms, diagnoses, medical histories, appointment details, and health insurance billing data.
Patients affected by the HIPAA violation had previously attended WWMG Orthopedic, Sports and Spine centers for medical services. Notification correspondence was sent to all affected patients by first class mail on January 12, 2018.
The paperwork could possibly have been obtained by unauthorized people although the danger to patients is thought to be low. No reports have been submitted that suggest any PHI has been improperly used. However, despite the low level of danger and as a precautionary measure, affected patients have been offered free identity theft protection services for one year through ID Experts.
Janitorial workers have received additional training training to avoid privacy breaches from occurring going forward.