Dedicated to providing the latest
HIPAA compliance news

Faxing Error Sees PHI Sent to Local Media Outlet

Share this article on:

Seven doctors’ offices in the Fort Worth area of Texas accidentally faxed patients’ protected health information to the wrong fax number. The faxes contained a range of highly sensitive patient information including names, dates of birth, Social Security numbers, medical histories and much more.

While such a mistake could potentially see patients’ health information fall into the hands of criminals, in this case the errors saw the faxes sent to local media outlet, WFAA.

The faxes received by WFAA related to at least 28 separate patients and should have been sent to Baylor Surgicare of Oakmont. The fax number used by the Fort Worth medical facility was identical to WFAA’s except for a single digit.

In this case, the seven doctors’ offices were contacted and informed of the error and the faxes were securely destroyed, although the incident shows how easy it is for sensitive patient data to be sent to incorrect recipients by fax.

While an incident such as this is unlikely to result in a HIPAA violation penalty from the Department of Health and Human Services’ Office for Civil Rights, such a mistake could potentially cause patients to come to harm. Medical data can be used for a multitude of criminal activities such as extortion, blackmail, and fraud.

The use of faxes to communicate patient health information is commonplace in the United States. Doctors need to communicate information about patients to other healthcare providers, and faxes have long been used to rapidly communicate essential information. The communication method is fast and convenient, although not particularly secure.

Faxes may be misdirected and sensitive health information could be left on fax machines where it can be accessed by unauthorized individuals. The potential for patient privacy violations are considerable.

In certain circumstances, faxes have their uses, although healthcare providers can easily send data more securely. Encrypted email is a much more secure method of communication, while electronic protected health information can be sent safely using a HIPAA-compliant, secure text messaging platform. The latter incorporates authentication controls to ensure information can only be accessed by the intended recipient.

Faxes and pagers have served the healthcare industry well over the years, although more secure methods of communication are now ubiquitous and cost-effective. They also ensure that privacy violations such as this do not occur.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On