The proliferation of data breaches and the potential mishandling of Protected Health Information (PHI) have sparked concerns about the security of storing medical records in traditional storage units.
The Vulnerabilities of Keeping Medical Records in Storage Units
A recent article, written by Jason Miles for KHOU 11 News, clearly revealed some of the big risks associated with keeping PHI at a storage unit, versus a Records Management Center. Ben Rosales won a storage unit auction; sight unseen, and instead of the common comics and collectibles he has found in the past, he encountered boxes with “hundreds of files detail personal patient data including healthcare histories, names, addresses and Social Security numbers.”
And the article continues, “These doctors are trained on how to handle these files, they’re not supposed to be left behind,” Rosales said. “So it’s something I was not supposed to find.”
When medical records are entrusted to storage units, several vulnerabilities arise. Firstly, the physical storage environment itself may lack the necessary security measures to safeguard sensitive information effectively. Storage facilities, although designed to protect belongings, may not employ adequate protocols to ensure the privacy and confidentiality of medical records. This leaves patient information susceptible to unauthorized access, theft, or damage.
Furthermore, the transfer of ownership of storage units can introduce additional risks. In instances where storage units are sold or transferred, the sensitive medical records contained within them may inadvertently end up in the wrong hands. This unintended consequence poses significant dangers, potentially compromising patient privacy and confidentiality, in accordance with State and Federal laws. The lack of a robust system to track and monitor ownership changes within storage units increases the likelihood of such breaches occurring.
Data Breaches and the Responsibility Involved
According to state law, medical records must be maintained for at least seven years after a patient’s last visit and may only be destroyed by secure shredding or burning. In the case of the storage unit found, the doctor in charge of the medical practice “inadvertently let his storage unit lease lapse, leading to the auction”. Data breaches affect various industries, including healthcare, and in the context of storing medical records in storage units, the risk of data breaches is heightened. A single breach can have severe consequences, leading to identity theft, medical fraud, and the erosion of patient trust in healthcare institutions.
This type of scenario, is exactly why VeriTrust began to offer Custodial of Records Services, over 10 years ago. We identified a great need to address retiring and closing medical practices to maintain full compliance and manage Protected Health Information (PHI) in accordance with best practices.
In conclusion, The risk of storing medical records in storage units is a multifaceted issue that demands careful consideration. VeriTrust offers cost-efficient Records Management Services that address the full records lifecycle, reducing risk and building ongoing trust beyond the patient treatment date. Our staff is HIPAA trained, certified and re-certified on an annual basis. Our facilities are highly secure and protected by surveillance, perimeter systems and role based card access. Custodian of Records/ROI solutions include, Records Storage, Release of Information, Scan on Demand and Secure Destruction.
To find out more about VeriTrust’s Custodian of Record service, contact us by phone or fill in the form on our company site.