Following the recent tornado in Joplin, Missouri, which directly hit St. John’s Regional Hospital, medical records and patient charts have been spewed around to neighboring counties. While the hospital has the patient records backed up electronically, the scattered paper records could potentially include confidential information such as social security numbers, addresses and phone numbers.
The hospital may face both legal and financial penalties as the security of their patient records has been breached. All hospitals are required to have and enforce risk management plans that highlight their strategies for the safety of their records from both man-made and natural threats. Considering the likelihood of tornadoes in Missouri, they pose a natural threat that is reasonably anticipated and should be protected against.
However, perhaps the devastation in Joplin will be considered outside the measure of federal medical privacy laws; as we’ve already seen with the declaration of a public health emergency, which allowed for the waiver of various privacy requirements.