Oregon’s Department of Consumer and Business Services recently issued a fine against Samaritan Health Services, Inc., an Oregon non-profit health services company, for violating provisions of the Oregon Consumer Identity Theft Protection Act. The Department found that the company discarded or failed to safeguard approximately 20 patient files bearing personal information including patient names and unredacted Social Security numbers after those files were discovered by a patient in an unlocked recycling container outside of company’s clinic. The Department concluded that Samaritan Health Services violated Oregon law by “publicly posting, displaying or otherwise making available to the public the unredacted Social Security number of consumers when the 20 patient files were discarded.” The Department ordered the company to cease and desist from violating the requirements of the Oregon identity theft law and further assessed a modest civil penalty of $5,000. 

TIP: It is critical that personal information be discarded with care and only after all personal information has been destroyed or otherwise rendered permanently inaccessible.