Breach Tied to Recycling Bin

S.C. state employee failed to shred documents Howard Anderson (ismg_editor) • April 26, 2010

The South Carolina Department of Health and Environmental Control is wrapping up notification of nearly 3,000 individuals about a breach stemming from documents that were improperly discarded in a recycling bin behind the department's headquarters rather than shredded.

After someone turned in the documents discovered in the recycling container, the department conducted an investigation, which led to the firing of an employee who admitted placing the documents in the bin instead of taking them to a shredding facility, says Earl Hunter, department commissioner.

State officials do not believe any information in the documents has been used for criminal purposes, and no charges have been filed against the fired employee. "We've notified the three national credit reporting agencies and the South Carolina Department of Consumer Affairs about the incident," Hunter says.

The department also notified the media and the Department of Health and Human Services as required under the HITECH Act's breach notification rule.

The South Carolina agency reports that documents mistakenly disposed of in the recycling container included information submitted by healthcare providers to have patients participate in three screening programs. The documents, mainly submitted between Jan. 8 and Feb. 17, 2010, contained a variety of information, depending on the screening program, but may have included names, addresses, telephone numbers, dates of birth, Social Security numbers, income levels and brief medical histories and other health information.

"We've notified 1,824 individuals whose information was returned to the agency from the recycling container," says Earl Hunter, department commissioner.

"We've also notified 1,026 individuals whose information was submitted to use for processing in these programs during this time period, even though the documents returned to us did not include information about these individuals. Since we can't be certain that all of the documents have been recovered, it is possible that information about these individuals might also have been improperly placed in the recycling container."

The department is now attempting to identify mailing addresses for a small number of individuals involved, Hunter says. In letters it has already sent, it advised affected individuals to check their credit reports and contact national credit reporting agencies to take steps to protect their identity.