The Nightmare on Wood Street: Records Management Gone Very Wrong

What’s wrong with this picture?

 

“Police officers recovered hundreds, if not thousands, of income tax returns and medical records out of a pair of paper recycling bins.

~July 29, 2013, Dave Herndon,
The News-Herald, Melvindale, MI

We’re willing to bet that this doesn’t look like a nightmare to you. After all, its just a bunch of papers, tossed into a dumpster with the rest of the trash, right?  Heck, it’s even in with the recycling!

Unfortunately, you could not be more wrong.  This is exactly what a records and information disaster looks like – for individuals and for businesses.

So what’s really wrong with this picture and what can we, as individuals and business owners, learn from this mistake before it becomes our own nightmare?  There are so many mistakes and disasters waiting to happen here, we barely even know where to start.

There were identifiable medical records in the files that were found in the dumpster.  You can even see some of the names on the folders!

One word:  HIPAA.  Businesses must protect your private health information from disclosure to anyone (even the police) without proper authorization.  And its clearly being violated here.

There were financial records in those files.  Including tax returns.  You can even clearly see one of the tax return forms in the photos.

Businesses have extremely strict regulations (Sarbanes-Oxley, etc.) regarding management of client financial records, and they must be able to provide an audit trail that shows who has accessed those files.  All of which carry stiff fines and penalties for violations. In this case, it’s pretty clear none of that was followed.

Ever hear of Dumpster Diving?

There were financial records in that pile of files.  Lots of them.  Financial records that included social security numbers, names, addresses, etc.  To an identity thief, finding this stash would have been like hitting the mother lode during the gold rush.  The innocent victims would have been dealt the fatal blow to their finances (present and future), long before they even knew what happened to them.

Records?   Why bother with good records management policies?  Who needs to retain records?

Every business must practice good records management.  There are many, many records retention rules and regulations that apply to ALL business records, and in particular, to medical and financial information (no matter what business you are in!).  We’re pretty sure there are no digital copies of these files hanging around in a nice, secure, neatly organized document management program, where access is tracked and logged.  Clearly, none of these files were properly disposed of when it was time to get rid of them.

It happens all the time.

What do you think?  What other “mistakes” and horror stories did we miss in this picture?  Share your thoughts with us below!

Want to learn more about how to manage your business records?  Join us for a live webchat on best practices for records management from our team of experts!

Learn some of the tricks to making the management of your business records a little more of a treat.  Avoid the nightmare and sleep soundly knowing that your records are safe and protected from harm – or at least have a plan for how to secure them!

  • Wednesday, October 30, 2013
  • 12:30-1:30 pm EST

Eventbrite - Its Q4 - Are YOUR Records Ready for Year End?

This entry was posted in Articles. Bookmark the permalink.

2 Responses to The Nightmare on Wood Street: Records Management Gone Very Wrong

  1. kenneth white says:

    The problem is, those documents needed to be shredded not thrown out. The medical documents especially, because that is a HIPPA (health insurance portability and accountablity act) vioation. Whoever threw away these important and classified documents can get into serious trouble. Always make sure stuff like that is in a secure location or properly disposed of.

    • eBizDocs says:

      We agree 100%.

      The improper destruction of these records is only the tip of the iceberg, though. Medical records are protected, and are subject to retention policies (they must be securely stored for 7 years), and the security of records must be carefully maintained, among other things.

      This is illegal, and there are very clear fines for violating these rules, even in Michigan, where this took place.

Leave a Reply