The Breach Blog: Who's responsible for medical records dumped at church?

The Breach Blog, from FRSecure

Who's responsible for medical records dumped at church?

Date Reported:

6/7/10

Organization:
Nursing Visioned Medical Services ("NVMS")*

*NVMS is now defunct (bankrupt). Its assets were purchased by Impulse Monitoring, Inc.

Contractor/Consultant/Branch:
None

Location:
Nashville, Tennessee

Victims:
Patients

Number Affected:
Unknown; however, "thousands of patient records" were discovered

Types of Data:
"patient records, surgery information, Social Security numbers and bank information"

Breach Description:
"Thousands of patient records, surgery information, Social Security numbers and bank information were found dumped behind a Nashville Church."

Reference URL:
NewsChannel5.com

Report Credit:
Nicole Ferguson, NewsChannel5.com

Response:
From the online source cited above:

NASHVILLE, Tenn. - Thousands of patient records, surgery information, Social Security numbers and bank information were found dumped behind a Nashville Church.
[Evan] These records were dumped in a large pile behind the church with no attempt to hide them. Very blatant.

The discovery was made Monday morning at the Nashville Center Point Church of the Nazarene off 54th Avenue.

A homeless man said he saw someone in a pickup truck do donuts in the church parking lot around 9:00 p.m. Sunday, before dumping the documents in the backyard of the church.

"It shocked me. I mean what kind of people do that kind of stuff?" said church caretaker Richard Urquhart. "They had to be sick."
[Evan] Sick? What do we call people who purposely decide not to secure sensitive information within companies? I didn't say it. ;)

The documents came from the now defunct and bankrupt Nursing Visioned Medical Services group, which once set up shop in Hendersonville.

NVMS used to provide neurophysiological monitoring services for thousands of medical centers and patients across the Southeast.

"They had lots of problems," said a former employee reached by phone Monday morning. "They (the owners) left and didn't leave any forwarding information."

Court documents show NVMS owner Sean McCracken filed for Chapter 7 bankruptcy in March 2008 before finally filing for Chapter 11 bankruptcy in January 2009.

Maryland-based Impulse Monitoring, Inc. bought the assets to NVMS last year when they filed bankruptcy.
[Evan] Does assets include customer information?

They said they are not responsible for the patient information because the services NVMS provided were one-time services.

Impulse said they are concerned with the compromised private information of employees, most of whom they hired when they bought the assets in 2009.

"Those records then essentially remain the responsibility of NVMS, but of course it was bankrupt," said Shannon Gregory, general counsel for Impulse Monitoring, who is now warning former NVMS employees about the compromised information. "So I am at a loss for how it became to be dumped in this way."
[Evan] This is an interesting case. Was NVMS responsible for the security of this information, or was Impulse Monitoring? We don't have enough information to make a good determination, but this is good food for thought.

Sean McCracken contacted NewsChannel5 following our first broadcast of the story on Monday at 6:00 p.m.

He said the documents were left in the hands of a former physician and Impulse Monitoring.

"I was absolutely shocked to find out about the dumping of stuff," said McCracken. "We had shredded a bunch of old documents and the more recent ones we had passed on to the company (Impulse) that bought our company back in January. So I'm not really sure where these documents were coming from quite frankly."

Commentary:
My first question is who is responsible for securing this information? Mr. McCracken makes a claim that Impulse Monitoring was left with it. Impulse Monitoring claims otherwise. Meanwhile, I have to wonder what other information might be out there.

I'm no lawyer, but I would love to run this breach by one.

Past Breaches:
Unknown

Posted by Evan Francen at 6/8/2010 3:19 PM