842 patients of Western Washington Medical Group have had their protected health information exposed when files including sensitive health information were disposed of with regular trash in November 2017.
The breach occurred when the janitorial service used by the medical group removed the contents from shredding bins along with regular trash. Instead of sensitive documents being permanently terminated in adherence with HIPAA Rules, they were removed in regular trash bins. Western Washington Medical Group staff spotted the mistake the next day, but too late to remedy the situation and recover the files as the trash had already been removed to landfill sites for termination.
The violation may have been only small, but those impacted have had a range of sensitive information exposed including (but not limited to) names, addresses, medical history files, prognoses, medical records, appointmentdetails and health insurance billing data.
Peoples that may have been impacted by the breach had been to visit WWMG Orthopedic, Sports and Spine centers for medical services for treatment or consultations. Notification correspondence was issued to all those affected individuals by first class mail on January 12, 2018.
The paperwork in question could potentially have obtained by unauthorized people although the chance of harm to patients is though to be minimal. No reports have been made that imply any PHI has been misused by any individuals. However, despite the perceived small level of danger and as an additional cautionary step, affected patients have been offered free identity theft protection facilities for 12 months through the ID Experts company.
Additional training has been given to Janitorial staff to help avoid prevent similar privacy breaches from happening again.