The importance of physical security and the risk associated with the unauthorized access to or loss of paper records is clear from recent experiences of Pruitt Health in South Carolina.

On March 2, 2016, an intruder broke the front door glass of one of its home health locations and had access to paper medical records of patients. Then on April 11, 2016, thieves broke into a hospice office at another location by breaking a side window. Once inside, the intruders managed to break into file cabinets that housed patient records. Pruitt announced that it did not appear that any records were taken.

Nonetheless, because of the the unauthorized access to patient records in these two incidents, Pruitt Health notified patients, including 1,437 individuals affected by the hospice center break-in, that their protected health information may have been exposed. The Office for Civil Rights was notified as well.

HIPAA requires covered entities and business associates to have appropriate physical, technical and administrative safeguards in place to secure protected health information. Paper records are still at risk and physical security of paper records is still an issue for many health care organizations.