Protected health information of nearly 277,000 patients at Texas Health Harris Methodist Fort Worth has been compromised after several hospital microfilms, which were supposed to be destroyed, were found in three different public locations. While the patients are being notified about this data breach, it is believed that information including patient names, addresses, dates of birth, medical record numbers, clinical information, health insurance information, and in some cases, even Social Security Numbers have been given away.
Although the organization had contracted with Toronto-based Shred-It to destroy the patient information, it is believed that the microfilms were not actually destroyed as it was agreed upon in the contract. A portion of the microfilm was found in a park in May, and three others were found in two other public locations.
While Shred-It is said to have assured the hospital that the microfiche in its possession was disposed of, the spokesperson for Texas Health Resources, Wendell Watson, said in an e-mail statement that it is unlikely that any information was accessed from the microfiche as they could be read only using a specialized reader. He also said that the microfiche was limited to Texas Health Fort Worth patients who were seen between 1980 and 1990.
As per data from the Department of Health and Human Services, this is the third big HIPAA breach for a Texas Health Resources hospital. This incident is another warning for healthcare entities to encrypt and protect physical data storage devices that pose a high risk of loss/theft. A comprehensive privacy and security management platform like Aegify Security Posture Management or Aegify SecureGRC can prove highly beneficial to healthcare organizations in protecting patient health information and preventing data breaches from taking place.