Improper Disposal of Protected/Personal health information (PHI) Data

By Alisa Fetic


Public Health Information (PHI) is one of the most vital datasets to securely retain and handle. Little can have more devastating consequences than for such data to be mislaid or inadvertently shared.


In 2017, the UK’s National Health Service was rocked by a data breach scandal. Over 860,000 documents containing individual patient data were mislaid or sent to the wrong third-party data processing company. As one MP commented in The Guardian newspaper, “the safety of thousands of patients has been put at risk due to the incompetence of a single private company and lack of proper oversight.”


More recently in America, the HIPAA Journal recorded 686 healthcare data breaches of 500 or more patient records, calling 2021’s events “some of the worst of all time.” One of the largest-scale data breaches involved 20/20 Eye Care Network’s exposure of the PHI of over 3.25 million customers.


Losing, misplacing, failing to protect, or improperly sharing PHI can have the following significant consequences:

  • Danger to the health of patients whose treatment or diagnosis is delayed.
  • Breach of patient trust when individual data is shared without consent.
  • Damage to the reputation of the originating healthcare organization.
  • Reduction in trust of public bodies and a reduced willingness to share data.
  • Possible criminal or civil court cases for harm caused by privacy breaches.


Furthermore, modern healthcare and scientific research require the secure sharing of large datasets. If the public cannot trust universities and research bodies with large PHI datasets, then innovation and research are stymied.


Established Laws and Codes of Conduct


Fortunately, most organizations adhere to rigorously policed data management policies, such as the Health Information Privacy Law and Policy (HIPAA). This is a federal privacy law that offers basic protections for the individually identifiable patient data handled by doctors. There is also state-level legislation for healthcare data. In addition, most companies have their own internal data management policies and procedures to prevent data breaches and data loss.


When the time comes to destroy patient information, such as when an individual dies or changes their healthcare provider, it’s vital to ensure that PHI data is properly disposed of. This means the permanent erasure of all individually identifiable data, in both physical documents and digital information. Because digital data is inherently easy to copy, it can be harder to ensure the secure destruction of files than of hard copies of patient information.


If a company fails to securely store, share, or destroy PHI appropriately, it runs enormous risks to its reputation, financial viability, and even the legal status of its executives, who may be held liable for the consequences of data breaches. These risks are simply not worth running.


Research Requires Secure Data Sharing


Research necessitates the sharing of large, anonymized datasets. Managing this manually, at scale, without mistakes being made is a highly imperfect solution. That’s why we created iDox.ai, an AI-powered system for data redaction, anonymization, and deletion. Our tool can handle very large volumes of data and quickly and securely render the information safely shareable.


Why not check out our redaction product line today?
