November 29, 2020

Volume X, Number 334

Advertisement

Mind Your PHI - Even in the Trash

A Greensboro urgent care center recently agreed to pay $50,000 to settle a case filed by the N.C. attorney general after the center’s discarded patient records for more than 750 individuals were discovered in a Dumpster, complete with individuals’ names, Social Security numbers, birth dates, insurance account numbers and PHI. The center had hired a contractor to destroy the records. The attorney general brought the action under the State’s Identity Theft Protection Act. The act requires businesses to adopt formal policies and procedures for secure disposal of records containing personal information and to take steps to ensure that any contractor hired to destroy such records is reputable and competent. This case highlights the value of investing time and resources in secure record destruction and due diligence of record disposal contractors, which would likely cost much less than the monetary penalties a health care provider faces for illegal dumping of patient records.

© 2020 Poyner Spruill LLP. All rights reserved.National Law Review, Volume , Number 186
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Data is a vital asset to any business. And, in many cases, data is the enterprise’s most valuable asset, regardless of whether it’s a high-tech company with significant intellectual property assets, a financial services provider processing financial information, a retailer storing customers’ contact information, or a health care provider with patients’ medical records. In a world where data breaches regularly make headlines, every business that collects, processes, and/or transmits data needs to understand the related legal risks and obligations.

While these risks and...

919.783.2853
Advertisement
Advertisement