Documents containing the sensitive information of 842 patients at Western Washington Medical Group were compromised on November 13, 2017. Apparently, the documents were thrown away with regular trash by mistake.
The sensitive documents in the shredding bins were supposed to be permanently destroyed in accordance with HIPAA Rules. However, instead of destroying them, the janitorial service emptied the shredding bins into regular trash bins. The next day, Western Washington Medical Group found out about the error. But it was too late to retrieve the documents as they were already collected for disposal in landfill sites.
The impact of the breach is limited to patients who visited WWMG Orthopedic, Sports and Spine centers for their medical services. But the following information had been compromised: names, addresses, medical histories, diagnoses, appointment dates, and health insurance billing information. Persons affected by the breach were sent notification letters on January 12, 2018 via first class mail.
It is possible that the documents could have been viewed by unauthorized persons, although the related risk is expected to be low. There was also no report of misuse of any PHI reported. But to be extra cautious about possible identity theft, the patients were offered free identity theft protection services for one year via ID Experts. And to avoid similar incidents from happening, the janitorial staff were given additional training.