a former employee mistakenly took home a basket of items, including documents containing the protected health information (PHI) of 727 patients, which were flagged for shredding. The documents were taken to an elementary schooltime with other materials that had been stored at the employee's home for the summer. The PHI included social security numbers, diagnosis codes, guardians names and phone numbers, supervisor recommendations concerning treatment, and insurance identification codes. The covered entity (CE), heptad Counties Services, provided hack notification to HHS, affected individuals, and the media, placed a conspicuous note on its website, and circle up a toll unloose info number. The CE investigated the cut and interviewed all involved individuals. as a result of OCRs investigation, the ce developed new HIPAA awareness training focused on protecting paper records, revised its HIPAA policies and procedures regarding the disposal of documents containing PHI, and retrained staff on the new policies and procedures. Location of hacked information: Paper/Films Business associate present: No