Quest Diagnostics has agreed to pay almost $5 million to settle allegations it illegally dumped protected health information - and hazardous waste - at its facilities across California.
This sum won't hurt at all for the corporation, one of the largest clinical medical lab networks in the US. In all, Quest is being charged slightly less than two days of its $994 million annual profit in 2023 - hardly a serious disincentive.
Under the settlement [PDF], Quest will pay $3,999,500 to ten California counties, plus give $300,000 to environmental projects and an additional $700,000 to foot attorneys' fees and other costs.
It also agreed to hire an independent environmental auditor to review waste-disposal practices at its facilities, and improve processes for handling, storage, and disposal of medical and hazardous waste - as well as personal health information - at four laboratories and more than 600 patient service centers in California.
Quest takes patient privacy and the protection of the environment very seriously and has made significant investments to implement industry best practices to ensure hazardous waste, medical waste, and confidential patient information are disposed of properly.
These include investing in technologies for treatment of biological waste, secured destruction of patient information, programs to maximize recycling efforts and minimize waste-to-landfill disposal, waste-to-energy recovery of non-recyclable wastes, and enhanced waste audit and inspection measures to ensure continued compliance with applicable laws.
In total, the district attorneys' offices said they conducted more than 30 inspections of Quest labs and patient centers across California.
During those inspections, authorities dug through Quest's compactors and dumpsters, and said they found hundreds of containers of chemicals, as well as bleach, reagents, batteries, electronic waste, unredacted medical information, medical waste such as used specimen containers for blood and urine, and hazardous waste such as used batteries, solvents, and flammable liquids.
This waste and data disposal broke hazardous waste law, California's Medical Waste Management Act, unfair competition law, and civil laws prohibiting the unauthorized disclosure of personal health information, prosecutors argued in their court submissions [PDF].
While improperly dumping hazardous waste can have terrible human health and environmental consequences, leaving people's personal records in places where identity thieves can pilfer them - even if they have to wade through bio-waste to get it - isn't particularly ideal, either.
It's bad enough that ransomware crews and other criminals are hitting healthcare facilities to steal protected health records, which can be extremely damaging to patients and organizations.
This Cyber News was published on go.theregister.com. Publication date: Fri, 16 Feb 2024 01:43:06 +0000