In the 1990s, I wrote about a health care entity’s responsibility for medical waste. At that time, a hospital client had contracted with a low cost medical waste disposal company thinking that they would be saving money. The medical waste disposal company dutifully picked up the hospital’s medical waste and provided documentation to the hospital showing that the waste had been properly disposed of in accordance with legal and regulatory requirements. The hospital was happy, until the day they received notice that the hospital was a potentially responsible party for a super fund waste site located several thousand miles away from the hospital. It turned out that the medical waste disposal company had forged the documentation and dumped the untreated medical waste at the super fund waste site. The hospital was linked to the waste site through IV bags found at the site, with patient names and the hospital’s identification attached.

HIPAA had not yet been enacted in the 1990s and protected health information (PHI) was not the hospital’s primary concern. However, had the medical waste dumping happened today, the hospital would have to address not only the EPA super fund waste problem, but also HIPAA issues.

The take away. Think beyond medical records when addressing PHI and beware of low cost solutions to waste disposal.