Hospitals Are Throwing Sensitive Patient Information Out With the Recycling

Dear hospitals, please don’t throw sensitive information in the trash.
Photo: Chris Higgins/Flickr

Health data is some of the most sensitive information out there, and modern life sometimes puts that information at risk of being exposed. Hackers could break into insurance company records and steal customer medical information. A hospital you’ve visited could experience a data breach. You could spit in a tube to find out about your ancestry, and a company could sell your genetic information to a third party.

Or, you know, someone could just go dumpster diving behind a hospital and find a treasure trove of valuable patient information.

Researchers conducted a “recycling audit” of five hospitals in Toronto between November 2014 and May 2016 and found that hospitals frequently threw out sensitive patient information improperly. All the hospitals had policies designed to get rid of confidential patient health information without potentially exposing it, along with shredders to get the job done. And yet, when researchers collected hospital recycling three times a week over a four-week period, they found a total of 2,687 documents with personally identifiable information, often documents like clinical notes and medical reports. They describe their findings in a new letter published in the journal JAMA.


Health data is valuable to hackers—probably more so than your credit card digits—because data like names, birth dates, policy numbers, diagnosis codes, and billing information can be used to create fake IDs to buy medical equipment or drugs that can be resold. It’s also often less quickly identified, meaning a hacker can take advantage of stolen data for years before it’s discovered.

Between 2009 and 2016, hospital data breaches accounted for approximately 30 percent of reported large data security incidents. Things like aging computer systems often make hospitals and other healthcare providers an easy target. But just throwing out the records with the recycling? Come on.

Senior Writer, Gizmodo.



As I personally work in the healthcare field dealing with PHI, it’s sad to think that there are hospitals that aren’t following the proper procedures when dealing with records.

I have to admit that I’m damn near anal when it comes to dealing with the proper disposal of PHI when it is no longer needed (that is, making sure to put it in the proper containers to be shredded instead of just dropping it into a trash or recycling bin).

Maybe the hospitals where this is an issue need to go back and make absolutely sure that their employees know how to properly dispose of any PHI so that it doesn’t end up in ‘the wild’.