Protected Health Information Sent to Incorrect Fax Recipient Over Several Months

Faxes containing the protected health information (PHI) of a patient have been sent to an incorrect recipient by OhioHealth’s Grant Medical Center over a period of several months – A violation of patient privacy and the Health Insurance Portability and Accountability Act (HIPAA).

The recipient of the faxes, Elizabeth Spilker, tried on numerous occasions to notify Grant Medical Center about the problem and stop the faxes being sent, but her efforts were unsuccessful. She tried faxing back a message on the same number requesting a change to the programmed fax number and tried contacting the medical center by telephone.

Spilker later notified ABC6 about the issue and the story was covered in a June 18 report. In the report, Spilker explained that faxes had been received from Grant Medical Center for more than a year. The messages contained a range of protected health information including name, age, weight, medical history, medications prescribed, and other sensitive health information.

Typically, the faxes were received at the end of the day. Repeated attempts were made to send the information. The only way to stop the calls was to plug in the fax machine and receive the fax message.

ABC6 reporters spoke with Grant Medical Center in Columbus, OH, and alerted staff to the problem. Subsequently, a statement was issued confirming the matter had been looked into and resolved. OhioHealth also confirmed that the faxes had been sent over a 6-month period, and not for a year as Elizabeth Spilker had explained in the ABC6 news report.

“We conducted a thorough review and audit of our fax system logs and found that three faxes were sent to the individual in error due to a transposed fax number in one patient’s medical record,” OhioHealth explained in a statement about the incident. “The fax number has been corrected and we’re reaching out to the patient involved to make him or her aware. Ensuring the privacy of our patients is a top priority at OhioHealth and we apologize for this error.” All faxes received by Ms. Spilker have now been shredded so there is no risk of further disclosures of PHI.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.