Who's At Fault In Faxing Confidential Data To The Wrong Place?
from the blame-the-all-thumb-faxers dept
While losing backup tapes may not be as big a risk as other types of data loss, what do you do when doctors are simply faxing tons of confidential patient data to the wrong fax machine? A small company that has a fax number one digit off from a major insurer's fax number has been dealing with that issue. They were notifying the mis-faxers, but that's become a full-time job that they can't afford any more. They offered to sell the number to the insurer, setting an amount that would cover their own ability to publicize a new fax number, but the insurer isn't interested, saying (accurately) that it isn't really their fault this is happening. That's fundamentally true, as its the typo-dialing doctors who are the problem -- but it doesn't solve the problem, which is that plenty of confidential info is rolling off the fax machine of a company that shouldn't be receiving it.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Me, too.
[ link to this | view in chronology ]
Re: Me, too.
[ link to this | view in chronology ]
Re: Me, too.
[ link to this | view in chronology ]
They need to make a couple of calls
Take a couple of the faxes and call the people whose information they have received.
Explain to them that they really didn't want to receive their private health information and that in fact them receiving the information was a violation of the HIPAA.
Tell them that the insurance company has chosen not to prevent the situation, event though they could. And that their doctor doesn't pay enough attention to detail to dial the right fax number.
Explain to them that if they care about their privacy they should contact the Chief Privacy Officer of the insurance company, as well as the doctor's office / hospital and discuss it with them.
I'm sure the faxes would quickly stop.
[ link to this | view in chronology ]
Re: They need to make a couple of calls
Of course I'd have the person, whose information was so haphazardly thrown around, take this info to an attorney and place a lawsuit accordingly for HIPAA violations.
We've already seen a medical billing company take a "network administrator"(I personally think the idiot rode the short bus to school) to court over directly connecting the company's machines to the internet without any firewall or security checks beyond a Belkin(tm) router. I'm guessing you know how this turned out...25,000 people's info was suddenly not-so-private.
And to think that some of my friends say I'm too paranoid.
[ link to this | view in chronology ]
Re: They need to make a couple of calls
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
Re: No Subject Given
Finally I started writing comments on the form like "i'm only a software engineer but it doesn't look good for fluffy. I think we will have to put him down." and fax it to both parties.
Eventually it did stop - not because they fixed the problem, but because I switched to Vonage and had to change my fax number.
[ link to this | view in chronology ]
Hmm... Local news...
Not gonna happen, I would honestly just start writing the insurance company and prodding them into getting their act together.
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
MMM... the future
[ link to this | view in chronology ]
it isn't uncommon
[ link to this | view in chronology ]
HIPAA Penalty
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
HIPAA and fax control
I'm with a company which supplies fax servers to a number of hospitals, mostly in North America, and we have done so for many years.
HIPAA has no _clear_ statement on faxing, due to it not being a clear electronic-to-electronic format by its definitions. What's used in its place is the recomendation of HIMSS for handling faxes, which amounts to the "don't read if it's not you" statement, along with additional info (hosptial name, sending agent, etc). And realize that even if HIPAA did have a clear standard, the requirements are such that all one has to show is that (a) rules are in place at the facility and (b) controls are in place to make sure the rules are followed. The point being the HIPAA compliance is more up to the hospital than the legislation. (I could go on but don't want to drag this out.)
If the doc's office is sending from a fax machine I'm not sure what you can do other than hand slapping. Otherwise speed dial is an option, as is controls on the PBX side, although you'll probably find that just whining them into compliance might be for the best. If, however, they're sending the job from the HIS through a fax or message server, then various controls are available, including using fixed phone book entries, dialing codes or even CSID checking.
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]
I would send the fax back 10 x or 100 x
[ link to this | view in chronology ]
Re: I would send the fax back 10 x or 100 x
[ link to this | view in chronology ]
information
Have a question. I sent important info. to a wrong fax number how can i get my fax back? Please, help me its very important.
thank you for your time and understanding in this email.
sincerely,
mcr
[ link to this | view in chronology ]
Re: Wrong fax number
Thank you topjob
[ link to this | view in chronology ]