The Death of Privacy from Medical Identity Theft
Imagine photocopies of checks, social security numbers,
dates of birth, & many other types of highly confidential
personal data for up to tens of thousands of former
students were not stolen by identity thieves but were
simply thrown into the trash without any shredding.
Well, instead of imagination, this actually happened in 2003
involving the University of Minnesota. The documents, though,
covered consumer data from the 1970s to the mid 1990s.
It seems, the university's Department of Healthcare Management's
independent study program office, known as the Excutive Healthcare
Study program, was the offending agent in this very serious breach
of personal data security.
"That could cause thousands of identity thefts."
The documents, estimated to be as many as 300 boxes worth, sat in
an open trash bin before being subsequently dumped in a public
landfill where anyone could just pick up this type of sensitive
- Social Security numbers (ssn)
- Dates of Birth
- Checking account numbers
- Legal signatures on checks and applications
- Home addresses
- Telephone numbers
- Patient Medical histories
- Student grades including ssn
But why would someone simply throw into an open trash
bin sensitive consumer data most associated today with
rampant identity theft and credit fraud?
Expediancy is the answer then as it is now.
You see, businesses do not like for their employees to waste time
on non revenue producing tasks. With the pace of business today
and it's resulting premium placed on profit at any costs, you will
find a "take any action - even it's the wrong action" mentality
which is common in most companies. As an example, remember
Enron as one of the more aggregious offenders of expediancy
and out of control profit seeking we've seen in recent years.
Within this type of business climate, is it any wonder that
some old, moldy boxes of records no one really cared about
could easily be disposed of in an open trash bin?
Here's three big reasons why someone at the University of
Minnesota or any other current day would be offender will
want to care about how they dispose of sensitive consumer
financial and medical data:
These three acronymns are federal laws which were
enacted specifically to protect the privacy of
consumer data after past incidents of abuse became
so widespread that our U.S. Congress was forced to pass
new legislation to stop those business practices deemed
to be outright harmful to Americans.
But, you will find as we expose throughout this month,
organizations continue to commit acts of improper
records disposal - especially medical data because
there has been very little real enforcement of
those laws with active monitoring.
So, our tip for today is to demand your rights under federal
law to have organizations which maintain your documents
containing your social security number (ssn) and medical
information to shred or burn them before disposal.
For any organization to fail to do so is subject to
fines, penalties, and even lawsuits.