Several years ago, a thick envelope landed in my mailbox. Its return address was that of the hospital where I’d been receiving treatment. Upon opening the envelope, I was horrified that it contained not only my own medical records, but those of twelve other patients, along with our insurance claims. For some unknown reason, the hospital had put my address on the envelope instead of the claims processor’s address.
I promptly called the hospital to report the erroneous mailing and was instructed to destroy the records, which included patient names, addresses, and their own detailed health information. Several months later, I received a letter from the hospital offering me a year’s worth of free credit protection because of their mistake. What did the hospital do beyond that to secure these wayward records? Nothing. They took my word for it that I'd destroyed the mailing. What if those records had gotten into the hands of someone who wasn't diligent and trustworthy?