Abstract
This study assessed the presence, amount, and sensitivity of personally identifiable information and personal health information found in hospital recycling bins in Toronto, Ontario, Canada.
Patients have the right to expect safekeeping of personal information. In Ontario, as in many jurisdictions, protection of personal health information (PHI) is codified in legislation. With patient information increasingly maintained in the electronic health record (EHR), paper records are frequently discarded, creating risk of paper-based privacy breaches. We assessed the presence, amount, and sensitivity of personally identifiable information (PII) and PHI (a subset of PII) found in hospital recycling bins.
Methods
We conducted a recycling audit of 5 teaching hospitals in Toronto, Ontario, Canada, from November 2014 to May 2016. Each institution’s research ethics board determined that this study did not qualify as human subjects research. All hospitals had established PHI policies; for paper disposal, each hospital had recycling bins, garbage, and, for confidential information, secure shredding receptacles. At each site, all recycling was collected at least 3 times per week over 4 weeks from predesignated locations, including inpatient wards, outpatient clinics, emergency departments, physician offices, and intensive care units. Using definitions from the Personal Health Information Protection Act of Ontario, we defined PII as information “that identifies an individual or for which it is reasonably foreseeable in the circumstances that it could be utilized, either alone or with other information, to identify an individual.” When coupled with information related to medical care, the items were considered PHI. Recovered items were single entities that contained PII, whether a single sheet or stapled multipage document, and were classified by potential sensitivity—low (PII only), medium (PHI including diagnosis), and high (PHI including a description of the patient’s medical condition). We calculated the number of items recovered per kilogram of recycling.
Results
We recovered 591.6 kg of recycling, including 2687 documents with PII. Of these items, 802 were low, 843 medium, and 1042 high sensitivity (Table 1). PII and PHI were found in recycling at all hospitals. Most items were recovered at physician offices (1449 items). Physician offices had the highest proportion of PHI and PII recovered relative to weight sampled (15.79 PHI items/kg and 18.41 PII items/kg, respectively). Clinical notes, summaries, and medical reports were the most frequent type of PII inappropriately discarded (Table 2).
Table 1. Pooled Collection of Recycling by Location Among 5 Teaching Hospitals in Toronto, Ontario.
| | Inpatient Wards | Outpatient Clinics | Physician Offices | Emergency Department | Intensive Care | Total |
|---|---|---|---|---|---|---|
| Total weight collected, kg | 117.4 | 346.4 | 78.7 | 14.8 | 34.3 | 591.6 |
| Personally identifiable information items recovered, No. | | | | | | |
| Total | 694 | 240 | 1449 | 101 | 203 | 2687 |
| Low sensitivity [a] | 429 | 74 | 206 | 17 | 76 | 802 |
| Medium sensitivity [a] | 66 | 59 | 564 | 80 | 74 | 843 |
| High sensitivity [a] | 199 | 107 | 679 | 4 | 53 | 1042 |
| Personally identifiable items/kg of recycling | 5.91 | 0.69 | 18.41 | 6.82 | 5.92 | 4.54 |
| Total personal health information items recovered, No. [b] | 265 | 166 | 1243 | 84 | 127 | 1885 |
| Personal health information items/kg of recycling [b] | 2.26 | 0.48 | 15.79 | 5.68 | 3.7 | 3.19 |
[a] Sensitivity definitions: low, personally identifying information only; medium, personally identifying information plus diagnosis; high, personally identifying information plus a description of medical condition.
[b] Personal health information: medium-sensitivity and high-sensitivity items.
Table 2. Type of Personally Identifiable Information Found by Location in Recycling Among 5 Teaching Hospitals in Toronto, Ontario.
Values are the number of personally identifiable items, by location in the teaching hospital.
| Information Type | Inpatient Wards | Outpatient Clinics | Physician Offices | Emergency Department | Intensive Care | Total |
|---|---|---|---|---|---|---|
| Labels and patient identifiers | 246 | 31 | 55 | 28 | 25 | 385 |
| Clinical notes, summaries and medical reports | 248 | 72 | 427 | 8 | 66 | 821 |
| Diagnostic test results | 55 | 33 | 117 | 43 | 92 | 340 |
| Prescriptions | 6 | 16 | 29 | 11 | 3 | 65 |
| Scheduling materials | 23 | 19 | 128 | 1 | 3 | 174 |
| Handwritten notes | 66 | 22 | 40 | 5 | 5 | 138 |
| Requests and communications | 33 | 35 | 246 | 2 | 1 | 317 |
| Billing forms | 3 | 0 | 341 | 0 | 1 | 345 |
| Miscellaneous | 14 | 12 | 70 | 3 | 3 | 102 |
Discussion
A substantial amount of personal information, most of it PHI, was found in the recycling at 5 teaching hospitals in Toronto, Ontario, despite institutional policies in place for protection of personal information. Little is known about the prevalence of privacy breaches in hospitals. Studies have focused primarily on privacy risks related to electronic records; however, migration to the EHR may have heightened risks of other privacy breaches. For example, when there is no need to maintain a paper chart, the potential for improper disposal of printed patient information may paradoxically increase. The frequent presence of PII and PHI in recycling at these institutions indicates potential privacy breaches are not isolated, but should be expected in locations where patient information is printed and there is an option for nonconfidential paper disposal.
This study was multi-institutional, and collected a large volume of recycled material without widespread awareness of the intent of collection. However, some limitations are acknowledged. First, this study was restricted to recycling and did not include an audit of garbage disposal, another potential source of privacy breaches. Second, it is not known who discarded the items, patients or hospital staff. Third, although sensational cases of improper disposal of PHI have been reported, the authors are unaware of a case of inappropriate use or harm related to such privacy breaches.
Because human error is a common cause of privacy breaches within institutions, organizational solutions to improve paper PHI security should be considered. Elimination of any alternatives to nonconfidential disposal of discarded paper (irrespective of content) in areas of clinical activity may be an effective, albeit expensive strategy to reduce the risks of paper-based privacy breaches. Minimizing the printing of documents containing PHI would be a complementary approach.
Section Editor: Jody W. Zylke, MD, Deputy Editor.
