CLINTON, Tenn. (WATE) — The owners of a strip mall in Clinton said the personal information of pharmacy customers was apparently left unprotected when the business abruptly abandoned their rented space.
Paul and Gladys Harrell, who own a strip mall, were shocked when they opened the doors to a mail-order pharmacy group that had rented space from them. When their tenant stopped paying rent, the Anderson County couple entered the business and found thousands of prescription labels with personal information.
Paul says he doesn’t know how to handle the prescription labels left behind at Comprehensive Care Pharmacy; does he burn them or have them shredded?
“This was open, I started looking. I don’t know what is all this stuff,” said Paul as he shows WATE’s Don Dare the boxes left behind.
“You have someone’s name, address, date of birth, what they are ordering. Everything. All personal information is in here,” said Dare.
“Boxes and boxes of it,” replied Paul.
The boxes were not the only thing that was left behind, Paul also pointed out four different computers on two tables that could have been turned on if Paul hadn’t unplugged them. Federal HIPAA, privacy regulations require encrypted data to be secured.
“They left everything. All this, these are the computers when they left,” said Paul.
“The hard drives are still here, and if you knew how to get into them?” asked Dare.
“Yes, anyone could see what is on them,” replied Paul.
The Harrells haven’t disturbed anything inside the business. It looks as if everyone left in a hurry.
“Did this pharmacist tell you he was going to leave?” asked Dare.
“No, I called him here just recently. No name, no number. Nobody answered,” said Paul.
“I met him one time with his brother, they sat right there. He seemed like a nice guy, I still think he’s a nice guy,” said Paul’s wife, Gladys.
Dare also called several times trying to reach the former operators of Comprehensive Care Pharmacy, but there’s been no response.
Gladys says the business operators never allowed her inside the place.
“He said you can’t come in here, Mrs. Harrell, you can’t come in here,” said Gladys.
“So you never? Came into this pharmacy?” said Dare.
“I couldn’t. I couldn’t even open the door,” replied Gladys.
Customers expect pharmacists and their staff to protect and respect their confidentiality, which includes information about their personal details and medication.
“It needs to be gotten rid of. We don’t know what to do with it,” said Paul.
The state’s Pharmacy Board has initiated an investigation into the apparent breach of confidentiality after Dare reached out to the State Department of Health. Medical professionals, like hospitals, individual physicians, nurses, and pharmacists are required by federal law to protect patients’ privacy. The 1996 Health Insurance Portability and Accountability Act, or HIPAA, regulates privacy and security in the healthcare industry. Penalties for a HIPAA violation for a pharmacy can range from $100 to $50,000 per violation.