A Greensboro urgent care center recently agreed to pay $50,000 to settle a case filed by the N.C. attorney general after the center’s discarded patient records for more than 750 individuals were discovered in a Dumpster, complete with individuals’ names, Social Security numbers, birth dates, insurance account numbers and PHI. The center had hired a contractor to destroy the records. The attorney general brought the action under the State’s Identity Theft Protection Act. The act requires businesses to adopt formal policies and procedures for secure disposal of records containing personal information and to take steps to ensure that any contractor hired to destroy such records is reputable and competent. This case highlights the value of investing time and resources in secure record destruction and due diligence of record disposal contractors, which would likely cost much less than the monetary penalties a health care provider faces for illegal dumping of patient records.