Moveable Feast, a nonprofit organization based in Baltimore, MD, recently faced a significant privacy issue when it was discovered that sensitive documents were improperly disposed of. The organization, which provides care to individuals living with HIV/AIDS and other life-threatening illnesses, typically adheres to strict protocols requiring sensitive documents to be shredded. However, some documents were mistakenly placed in regular recycling bins instead of the designated shredding bins. This error came to light when a recycling bin, set out for curb pickup, was blown over by the wind, scattering its contents.
Upon discovering the scattered documents, Moveable Feast staff quickly acted to retrieve them, although not all could be recovered. The unretrieved documents contained personal information of 568 individuals, including client numbers, names, genders, races, ages, and for some, the last four digits of their Social Security numbers. This mishandling constitutes a breach of the Health Insurance Portability and Accountability Act (HIPAA), which safeguards medical information.
In response to the incident, Moveable Feast has taken several corrective measures. They have notified all affected individuals about the breach and have provided them with 12 months of free credit monitoring services to mitigate potential harm. Furthermore, the organization has retrained its staff to ensure strict adherence to document handling and disposal policies to prevent future occurrences.
This event highlights the critical importance of stringent data protection measures in organizations handling sensitive personal and medical information. It serves as a reminder of the potential consequences of procedural lapses and the need for continual training and vigilance in data management practices. Moveable Feast is now focused on reinforcing its commitment to the security and privacy of its clients, aiming to restore trust and maintain the integrity of its vital services.
