Reader comments
Health files are sold as scrap paper to Utahn

What a callous attitude!!! With highly personal records? I am outraged! Having recently been hospitalized, I would be VERY upset if my records found their way to some school kids!! Let's see, a whole box? What, 4,000-5,000 pages? And it's a shipping problem?

What? Some under-paid UPS part-timer could not notice these were some kind of medical records? UPS "has a policy" and their policy is only as good as their employees. And the hospital hasn't been bothered to notify people their records were missing? UNREAL!!!

The story doesn't say, but I'm interested in where the records went? Did they get shredded? Were they returned? Or are they in the Deseret News underground vault? Inquiring minds want to know!

UPS, your "extensive and technologically advanced system" failed. Your "inspection" failed. With all the attention on ID theft, this is very troubling!

I just did a web search for the hospital and looked at their "privacy" policy on their web site. It's funny! They have a lot of words and cautions and conditions -- but waited weeks when they KNEW records were missing and didn't tell any of their patients. I hope someone takes them to the cleaners for violating their own policies and not caring enough to even warn the people impacted! This is a big story!

I have in my possession a microfilm with the names, addresses, social security numbers, birth dates, phone numbers, age, closest relatives, personal contacts and medical conditions of hundreds of Utahns, most of whom live in the Salt Lake City area.

How did I get the information? It came attached to a microfilm reader printer. The records were evidently microfilmed for a doctor in the Salt Lake City area. Later, when the reader printer was sold as salvage, the records came along for the ride.

Do you really think anybody out there is concerned with protecting your private data? Balderdash.

So why do I still have them? Mainly, to prove to skeptics that no one is protecting our personal data. Whenever I hear that the government wants to give us all scannable REAL ID cards, I just want to laugh.

I guess they want to make it easier for criminals to steal our personal information. As it now, they would have to club you over the head for it.

Yes, I agree this is crazy. But, my goodness the first question raised was who to sue? UNREAL? Have you ever made a mistake that went against all your safety nets. We wonder why the world is at war. People do their best and sometimes there are mistakes. Let us not forget all you Christians (of which I am one) there was only one perfect person, the rest of us may make mistakes from time to time.

It sounds like this hospital needs the services of Recall Total Information Management. It's a great company that securely stores or destroys sensitive documents for clients across North America.

Marcy the attorney was trained well. Trying to figure out just who has the deepest pockets - that's who will be sued! Taking the SSN off of the UT death certificates won't do a thing. The Social Security Death Index, put out by the U.S. Government has them. Access to that data base on the internet is available from many different genealogical sites. If you to go to the SS site, you will read that with the new, electronic setup, when a lender or anyone searching for a SSN given in any transaction/application is checked, it will come up "dead" & is a flag for all that fraud is in progress. Problem is, not everyone checks to see if the number is valid - the person is alive.

What happened to the rest of the records that went to the school class? Are these 4th graders now living high on someone else's credit? Are they buying ipods? Or were the records returned to the hospital? Terrible reporting to not include all of the information, other than the sensational bits, that is.

Who to sue? Why sue anybody? In the end no wrong came about. We Americans are way too sue happy. It was a mistake. Get over it!!!

What we need are laws prohibiting the use of social security numbers by unauthorized businesses and people, including insurance companies, credit reporting companies, and hospitals, etc., etc., etc. The only authorized use of the SSN should be the IRS, the SSA, and perhaps law enforcement for restriced use. Medical and personalrecords should be shipped only by courier and on a signature basis at both ends of shipping. If a shipper cannot deliver a package they should be required to return it to sender instead of putting in a dead file or lost file to be sold or disposed of, often for profit as UPS does. This NPS store, in Salt Lake City, is a primary buyer of items that UPS fails to deliver or gets lost in transit in world wide deliveries. UPS relies too heavily on insurance claim adjustments than quality of service and delivery. I have seen these packages and they do have legible sender addresses but they don't make much, if any effort, to return undeliverable goods. There should be a requirement for any delivery service, public or private, have a return to sender policy in place. Personal information getting classified as lost should never happen.

I live in Florida and my husband has had several things done at this hopsital. How do I know if his information was among this box? No one has called me on anything. This frankly still makes me nervous!

Re: Bob

We already have a law that does most of what you propose. It's called the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996. Public Law 104-191, 104th U.S. Congress. It was passed in 1996.

Here in a nutshell is what it says about the security of our health records.

(2) SAFEGUARDS.--Each person described in section 1172(a) who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards--

(A) to ensure the integrity and confidentiality of the information;

(B) to protect against any reasonably anticipated--

(i) threats or hazards to the security or integrity of the information; and

(ii) unauthorized uses or disclosures of the information; and

(C) otherwise to ensure compliance with this part by the officers and employees of such person.

Passing laws is not the problem. It's the compliance part; since no one is checking to make sure the law is being followed.

We pass laws all the time. The punishment for wrongful disclosure can be as much as 10 years in jail and a $250,000.00 fine, but the government gets to keep the money and you are left to deal with the problems.

re rvalens2:

I wasn't talking about laws. I was talking about a company that helps other companies comply with the law by managing all stages of sensitive documents' life.

Sorry Bob, my comments were meant for "Bob G" not yourself. Just slipped up on adding the "G."

re rvalens2:

I think it's unethical of you to keep that kind of information. If the data were stolen from you, I would consider you an accessory to identity theft. Several times over the years I have accidentally come into possession of private information and have shredded it immediately.

Simmer down. I understand that there is a possibility of identity theft, but most of the outraged commenters don't seem to be worried as much about that as the 'chance' that 'someone' could know they went to the hospital. Who cares? Guess what: I take anti-depressants and went to see the doctor 4 times last year for MRSA. If you don't know, it stands for Methicillin Resistant Stapholococus Aurea (yeah, I know it is probably misspelled) and it could cause death if left untreated. Ooooh! I feel so violated that someone might see that on the web.

Re: Wanee

You're absolutely right. It would be dangerous for it to fall into unscrupulous hands. So I'm going to destroy it as soon as possible. I have been using the 16 millimeter film to test the readers I repair but I can always order in a few blank rolls of film.

Still, it's amazing to me that those who request this information are so careless with it. Fortunately, like the hospital records listed in the story, it fell in to the hands of someone who is honest.

Unfortunately as long as humans are involved, mistakes will occur - fact. Realistically, med records are pretty secure - can they made more secure - sure, but it costs money and there is a point of diminishing returns. Any entity that incurs greater cost must in turn pass them on - everyone wants 'more privacy', the real question is how much do we (society) want to pay for 'more privacy'

Another unfortunate fact is that the Personal ID never came about. This forces medical and insurance entities to use SSN to know that Becky Smith, Rebecca Smith and Becky Jones (now married) is one in the same and medical histories and insurance records should be linked. There are multiple entities, many of whom never see the patient face-to-face (ie labs, xray reads, etc.) that must have some simple, accurate identifier to get the right information on the right person to the right place.

Why is everyone confused about who to sue? Tell the family to call the Office of Civil Rights of the Dept of Health and Human Services. That will start a government investigation. It sounds like the hospital is a "covered entity" under the Federal Privacy of Health Information law called "HIPAA".

The article states that boxes like this are shipped by hospitals all over the country all the time. Well, so are IRS records, employment records, bank records, and many others. It was one mistake. UPS sends millions of items daily and you people are worried about 20 - 30 people's information that was in one box! I am sure that people will get fired and people will get sued, but I think it is just stupid.

we get "bits and pieces" of the story, remember that.The fact remains that UPS did provide adequate services,not the hospital. They sent the records certified through a recognized carrier. A good lesson for us all to put more than one label on!