Faxing Error Sees PHI Sent to Local Media Outlet

Seven doctors’ offices in the Fort Worth area of Texas accidentally faxed patients’ protected health information to the wrong fax number. The faxes contained a range of highly sensitive patient information including names, dates of birth, Social Security numbers, medical histories and much more.

While such a mistake could potentially see patients’ health information fall into the hands of criminals, in this case the errors saw the faxes sent to a local media outlet, WFAA.

The faxes received by WFAA related to at least 28 separate patients and should have been sent to Baylor Surgicare of Oakmont. The fax number used by the Fort Worth medical facility was identical to WFAA’s except for a single digit.

In this case, the seven doctors’ offices were contacted and informed of the error and the faxes were securely destroyed, although the incident shows how easy it is for sensitive patient data to be sent to incorrect recipients by fax.

While an incident such as this is unlikely to result in a HIPAA violation penalty from the Department of Health and Human Services’ Office for Civil Rights, such a mistake could potentially cause patients to come to harm. Medical data can be used for a multitude of criminal activities such as extortion, blackmail, and fraud.

The use of faxes to communicate patient health information is commonplace in the United States. Doctors need to communicate information about patients to other healthcare providers, and faxes have long been used to rapidly communicate essential information. The communication method is fast and convenient, although not particularly secure.

Faxes may be misdirected, and sensitive health information could be left on fax machines where it can be accessed by unauthorized individuals. The potential for patient privacy violations is considerable.

In certain circumstances, faxes have their uses, although healthcare providers can easily send data more securely. Encrypted email is a much more secure method of communication, while electronic protected health information can be sent safely using a HIPAA-compliant, secure text messaging platform. The latter incorporates authentication controls to ensure information can only be accessed by the intended recipient.

Faxes and pagers have served the healthcare industry well over the years, although more secure methods of communication are now ubiquitous and cost-effective. They also ensure that privacy violations such as this do not occur.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.