Wisconsin's River Falls Medical Clinic recently notified approximately 2,400 patients that their personal information may have been accessed.
"The breach occurred after clinic officials reported stolen equipment to the River Falls Police in the summer of 2012," The River Falls Journal reports. "Police investigated and found the stolen equipment, as well as paper documents containing patient-identifying information in the suspect’s home on Nov. 28. Police also found stolen items taken from City Hall and the public library. Suspected thief, Gordon A. Eckes II, 35, 1450 S. Wasson Lane #41, was employed by an outside cleaning service."
Eckes is accused of taking paper documents from bins at the medical clinic -- the documents contained personal information including patients' first and last names, dates of birth, diagnosis codes, scheduling information, insurance information, account numbers and medical chart numbers. Some documents also contained Social Security numbers, home addresses and phone numbers.
"This case is comparable to the Tallahassee Memorial HealthCare breach reported last week that involved a lack of governance for paper record de-identification, as apparently Eckes stole paper documents from clinic bins with documents that were meant to be shredded," writes HealthITSecurity's Patrick Ouellette. "While the clinic says that it verified the credentials of all of its cleaning staff and only clinic employees and the shredding company should have been able to retrieve the documents, these types of breaches back up the new HIPAA rules regarding subcontractors."