Following on the heels of the discovery of hospital records in a town garbage dump, today’s Boston Globe reported that "computer files that possibly contained personal information on about 800,000 people connected to South Shore Hospital are ‘unrecoverable.’" However, the investigation into this breach determined that there was a low of harm risk to those individuals whose records were lost, given that the tapes in question "would require specialized equipment and software to read the information."
Interesting, South Shore Hospital originally planned to give individual notice, but changed plans and went with the Boston Globe ad. The Attorney General’s Office "has objected to South Shore Hospital’s revised notification plans and maintains that affected consumers should receive individual notification as originally represented by South Shore Hospital in its prior public announcements concerning the data loss."
The confluence of these events is building the pressure on state regulators to beef up existing laws and regulations about the disposal of health information — even beyond what is already required by HIPAA and a robust set of state rules. A particular focus of any future crackdown may be the vendors that perform much of the disposal.