Yesterday I updated a breach report on phiprivacy.net where a hospital employee had taken records home… and taken records home… and taken records home. According to hospital investigators, there was no indication that she used them criminally or intended to use them criminally, but the incident points out how many paper records may just “wander” without organizations ever realizing it until years later, if at all.
A news story out of Arizona also makes that point:
A Casa Grande Justice Court clerk has been fired from her post after an investigation concluded she hid, and several years later took home, stacks of court documents used to complete criminal histories and motor-vehicle records.
The Pinal County Attorney’s Office is reviewing whether there is enough evidence in the case to charge Diana Atkins, 38, with tampering with public records, a felony.
Atkins’ personnel folder indicates a long history of job-performance issues, but her supervisors were only recently made aware of her alleged attempt to hide a backlog of work for nearly 200 cases, according to a Pinal County Sheriff’s Office report.
Read more on AZCentral.com
Once again, it seems no criminal misuse of records (although in this case there may have been some impact or consequences to individuals). As bizarrely, the court records were used/misused as part of a divorce battle.
So…. how does your organization keep track of paper records so that employees aren’t just taking them home…. and taking them home… and taking them home?