Who's At Fault In Faxing Confidential Data To The Wrong Place?

from the blame-the-all-thumb-faxers dept

While losing backup tapes may not be as big a risk as other types of data loss, what do you do when doctors are simply faxing tons of confidential patient data to the wrong fax machine? A small company that has a fax number one digit off from a major insurer's fax number has been dealing with that issue. They were notifying the mis-faxers, but that's become a full-time job that they can't afford any more. They offered to sell the number to the insurer, setting an amount that would cover their own ability to publicize a new fax number, but the insurer isn't interested, saying (accurately) that it isn't really their fault this is happening. That's fundamentally true, as its the typo-dialing doctors who are the problem -- but it doesn't solve the problem, which is that plenty of confidential info is rolling off the fax machine of a company that shouldn't be receiving it.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    RMartin, 7 Feb 2006 @ 11:28am

    Me, too.

    We are a medical software vendor, and our fax number is in nearly all our accounts fax quick-dialers. We get at least one fax a day from clinics who THINK they're sending to someone else. That gets a little much sometimes when we have to waste a phone call telling them what they've done...

    link to this | view in chronology ]

    • identicon
      Rikko, 7 Feb 2006 @ 12:58pm

      Re: Me, too.

      Same here.. I get 4-5 faxes a year with people's prescriptions on them. Thus far we've always called the pharmacy and they're been grateful, but this is really stupid.

      link to this | view in chronology ]

    • identicon
      Heironymous Cowherd, 7 Feb 2006 @ 2:45pm

      Re: Me, too.

      Isn't there a junk fax law that would be relevant here? In addition to everything else, the sending Dr. office is wasting the paper and toner of the small company that really doesn't want the faxes.

      link to this | view in chronology ]

  • identicon
    Don Gray, 7 Feb 2006 @ 11:40am

    They need to make a couple of calls


    Take a couple of the faxes and call the people whose information they have received.

    Explain to them that they really didn't want to receive their private health information and that in fact them receiving the information was a violation of the HIPAA.

    Tell them that the insurance company has chosen not to prevent the situation, event though they could. And that their doctor doesn't pay enough attention to detail to dial the right fax number.

    Explain to them that if they care about their privacy they should contact the Chief Privacy Officer of the insurance company, as well as the doctor's office / hospital and discuss it with them.

    I'm sure the faxes would quickly stop.

    link to this | view in chronology ]

    • identicon
      ehrichweiss, 7 Feb 2006 @ 1:26pm

      Re: They need to make a couple of calls

      I used to have a security awareness company setup that dealt with this exact type of issue and you outline a very good method of doing so.

      Of course I'd have the person, whose information was so haphazardly thrown around, take this info to an attorney and place a lawsuit accordingly for HIPAA violations.

      We've already seen a medical billing company take a "network administrator"(I personally think the idiot rode the short bus to school) to court over directly connecting the company's machines to the internet without any firewall or security checks beyond a Belkin(tm) router. I'm guessing you know how this turned out...25,000 people's info was suddenly not-so-private.

      And to think that some of my friends say I'm too paranoid.

      link to this | view in chronology ]

    • identicon
      Julie Pierce, 6 Apr 2006 @ 1:10pm

      Re: They need to make a couple of calls

      We've been receiving fax calls on our 'toll free" voice line for two months now. When diverted to our fax machine we get pages of confidential data including name address employment details, social security numbers, medical conditions, insurance policy numbers etc... Our number was given out "by mistake" to healthcare providers and at one point we were receiving 50 calls AN HOUR!! We were told it would be sorted within days - but it is still persisting. We are a small business and cannot afford the time to answer the phone (and we're paying for the calls!) But we have our hands tied by a confidentiality agreement we had to sign in order to have our costs reimbursed....on reflection we've been taken for a ride but because of fear of legal reprisal we cannot report this company to make the faxes stop.

      link to this | view in chronology ]

  • identicon
    Joel, 7 Feb 2006 @ 11:54am

    No Subject Given

    I don't know that I'd clear the insurer so quickly. With that many faxes showing up at this particular number I'd bet the insurer mis-printed the number in a few places.

    link to this | view in chronology ]

    • identicon
      Ross, 7 Feb 2006 @ 12:03pm

      Re: No Subject Given

      I had a fax number one off from a vet office. There was one laboratory that would (at least once weekly) send me the results of blood tests and other things for different pets. At first I tried to sort it out. I called both places and spoke to the right people - but that didn't work.

      Finally I started writing comments on the form like "i'm only a software engineer but it doesn't look good for fluffy. I think we will have to put him down." and fax it to both parties.

      Eventually it did stop - not because they fixed the problem, but because I switched to Vonage and had to change my fax number.

      link to this | view in chronology ]

  • identicon
    ZOMG CENSORED, 7 Feb 2006 @ 12:07pm

    Hmm... Local news...

    I read this a few days ago, and it seems that the insurance company just refuses to do anything about something that is obviously their problem. Being small-town folks they refuse to just let the faxes pile up. So therein lies the dilemma, either this small company has to act like jerks or the big company has to get their ass in gear and fix the problem.

    Not gonna happen, I would honestly just start writing the insurance company and prodding them into getting their act together.

    link to this | view in chronology ]

  • identicon
    Wizard Prang, 7 Feb 2006 @ 12:10pm

    No Subject Given

    Unfortunately most parties involved in this kind of thing believe that if they stick a confidentiality blurb on the fax somewhere they are covered.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2006 @ 12:34pm

    MMM... the future

    Hospitals all around the world are beginning to use instant messaging programs with scanner plug ins over faxing... Fax has become outdated, obsolete, and will soon be replaced :) No worries mates :)

    link to this | view in chronology ]

  • identicon
    princessfrozen, 7 Feb 2006 @ 1:18pm

    it isn't uncommon

    I used to work at a major big box retailer (think top 5 in the country) in the NOC. This sort of thing used to go on quite frequently, with stores faxing data to private residences that were inteded to go to vendors and vice versa. When the resident was bothered enough to call corporate HQ, their calls got routed to the NOC. These issues were not high priority and getting them resolved were a "ehhh do it if you're bored and have nothing to do" type of thing. Only when people threatened to sue were the issues escalated.

    link to this | view in chronology ]

  • identicon
    Kyle Hall, 7 Feb 2006 @ 1:21pm

    HIPAA Penalty

    I have worked in the health insurance industry for nearly 20 years on both the insurance side and the medical billing side. HIPAA is a pain in the butt, but at the same time it is there to protect the privacy of all of us. Some companies take HIPAA very seriously, and well should, because the consequence of violation is serious. The companies in the scenario above should be reported to CMS (Centers for Medicare and Medicaid Services) and/or OIG (Office of Inspector General). If they won't be responsible for their breech of privacy, there is something out there that, in a not so gentle way, will remind them.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2006 @ 2:09pm

    No Subject Given

    With the way things are going, its the fax machines fault.

    link to this | view in chronology ]

  • identicon
    Alex, 7 Feb 2006 @ 2:46pm

    HIPAA and fax control

    A couple of points here.

    I'm with a company which supplies fax servers to a number of hospitals, mostly in North America, and we have done so for many years.

    HIPAA has no _clear_ statement on faxing, due to it not being a clear electronic-to-electronic format by its definitions. What's used in its place is the recomendation of HIMSS for handling faxes, which amounts to the "don't read if it's not you" statement, along with additional info (hosptial name, sending agent, etc). And realize that even if HIPAA did have a clear standard, the requirements are such that all one has to show is that (a) rules are in place at the facility and (b) controls are in place to make sure the rules are followed. The point being the HIPAA compliance is more up to the hospital than the legislation. (I could go on but don't want to drag this out.)

    If the doc's office is sending from a fax machine I'm not sure what you can do other than hand slapping. Otherwise speed dial is an option, as is controls on the PBX side, although you'll probably find that just whining them into compliance might be for the best. If, however, they're sending the job from the HIS through a fax or message server, then various controls are available, including using fixed phone book entries, dialing codes or even CSID checking.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2006 @ 3:03pm

    No Subject Given

    We keep getting faxes but don't even have a fax machine. It's rally annoying when it happens during the night.

    link to this | view in chronology ]

  • identicon
    nonam9, 7 Feb 2006 @ 10:11pm

    I would send the fax back 10 x or 100 x

    Most phone calls are included in a plan now.You need for it to be more of an inconvinence to them then you. Simply send it right back to them many times, this will tie up their machines and paper and people and eventually they will stop it.

    link to this | view in chronology ]

    • identicon
      Major Burns, 8 Feb 2006 @ 3:56am

      Re: I would send the fax back 10 x or 100 x

      Being notified of violating federal patient confidentiality laws works too.

      link to this | view in chronology ]

  • identicon
    m carmen rosell, 13 Mar 2006 @ 12:26pm

    information

    Hello,
    Have a question. I sent important info. to a wrong fax number how can i get my fax back? Please, help me its very important.
    thank you for your time and understanding in this email.
    sincerely,
    mcr

    link to this | view in chronology ]

    • identicon
      Myrt, 23 Nov 2009 @ 7:33pm

      Re: Wrong fax number

      I sent very important information personal to the wrong fax number.. How can i get the information or where it is?
      Thank you topjob

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.