Doctors In Tennessee Have Been Faxing Patient Info To The Wrong Place For Years

from the that-seems-bad dept

Wed, Sep 30th 2009 12:44pm — Mike Masnick

Live in Tennessee? Thought the records at your doctor's office were private? You might want to check again. Michael Scott alerts us to the news that a bunch of doctors offices in Tennessee have been accidentally faxing patient records, including confidential info, to a small solar company in Indiana... for three years. Luckily, the guy on the receiving end says he's been shredding the records as they come in, but he's getting pretty damn frustrated. He's contacted tons of people, including the Governor of Tennessee, but no luck. The faxes keep coming. Apparently, the problem is that the phone number of the business is close to the one that doctors are supposed to use. Given the number of faxes, my guess is that it's not so much people mistyping it into their fax machines each time, but at some point there must have been a typo in a mailing or on a website or something. Of course, we won't even get started on why these record transfers are still handled by fax. That's another post for another day...

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doctors, faxing, medical records, privacy, tennessee

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 30 Sep 2009 @ 12:46pm

"Luckily, the guy on the receiving end says he's been shredding the records as they come in, but he's getting pretty damn frustrated. He's contacted tons of people, including the Governor of Tennessee, but no luck. The faxes keep coming."

Well, duh. Until he *stops* shredding them and solving the problem for them, no one was going to bother to fix anything.
[ link to this | view in chronology ]
- Free Capitalist (profile), 30 Sep 2009 @ 1:01pm
  
  Re:
  Until he *stops* shredding them and solving the problem for them, no one was going to bother to fix anything.
  
  ++
  
  For pointing the absurdly humorous "catalyst" behind the absurdly humorous story.
  [ link to this | view in chronology ]
  - interval, 30 Sep 2009 @ 2:42pm
    
    Re: Re:
    I don't get why its gone on for three years. Presumably the records were faxed for a reason, and no one on the other *intentioned* end questioned why they were never receiving the faxes they were expecting? Or maybe it was a data warehouse and they were getting the data by other means as well as the (fail) fax method?
    [ link to this | view in chronology ]
    - Anonymous Coward, 30 Sep 2009 @ 3:18pm
      
      Re: Re: Re:
      he should have contacted Techdirt sooner.
      [ link to this | view in chronology ]
Alan Gerow (profile), 30 Sep 2009 @ 1:01pm

In a related story, the doctor's offices are now filing a lawsuit requiring a judge to shut down the phone number for the solar company because it is receiving confidential information that it didn't ask for.

Wait ... oh that's right. It's only the Internet where people can get away with that sort of thing. People's e-mail accounts mean nothing compared to the all powerful fax machine.
[ link to this | view in chronology ]
- Fred McTaker (profile), 1 Oct 2009 @ 1:35am
  
  Re:
  I noticed the obvious parallels to the Bank vs. Gmail vs. Doe story as well. I wasn't going to repeat myself, but Mike's last line about confidential information going over fax lines got me riled up again. The problem isn't just that the fax went to the wrong place. The bigger problem is that every phone line and exchange involved in those faxes had access to the same confidential information. Anyone with the right phone tap or phone equipment access at the right time has full access to that same confidential information, without anyone else necessarily knowing about it, even when it does go to the correct receiver.
  
  To all you technophobe bureaucrat idiots who want the convenience of modern communications without any of the responsibility: no communications medium can EVER be considered truly confidential unless it is encrypted, and only then when the receiver has exclusive access to the primary key. If you don't understand simple terms like PGP and SSL, you should assume all your communications can be tapped and recorded, by anyone at all who has a reason to care. If you are responsible for any confidentiality in any exchange, and you don't use end-to-end encryption in that exchange, you have failed and deserve to be sued. Criminal negligence should be the least of the charges brought against you, especially if you operate in a bank or hospital.
  
  Phones can be tapped and recorded by anyone with determination and half a brain. Email is like a postcard -- everyone with any equipment involved in the message hand-offs can read it clear as day. Anyone with access to the lines in between can tap and record the email, just as easily as a phone conversation. In real space, envelopes can be seen through, opened and closed, without anyone on either end knowing about it. Fingerprint dust can even pick up traces of the ink writing that touched the sides of the envelope, well after the letter has been taken out. Anyone with any physical or visual access to writing can copy it with impunity, until the medium containing the writing is thoroughly destroyed. Trash belongs to no one, and can be read by anyone. Faxes are no more secure than phone conversations -- they can be tapped, recorded, and replayed with impunity. Very little sophistication is required in the process. Your cell phone is even easier to tap -- it can be tapped by anyone in radio receiver range of the same cell tower as you, with the right equipment (which just requires money, not intelligence).
  
  The most sophisticated aspect of comms taps, like the ones the NSA has on the entire world, is automated message post-processing. The only thing that separates the NSA from anyone with any electronics knowledge is the ability to filter through billions of communications, based on keywords (via email, OCR, or automated transcription/translation), and voice print recognition, all without any human involvement. That is the feature that allows them to tap a single trunk at a single AT&T office, and still get nearly every trans-national communication ever made, without needing to tap or control every individual ISP. They can break weak encryption, and good encryption just slows them down. In essence, their only real advantage is the sheer magnitude of their processing resources. Otherwise spying is easy, and anyone can do it.
  [ link to this | view in chronology ]
Anonymous Coward, 30 Sep 2009 @ 1:10pm

Shut down the phone number? In the version of the lawsuit that I read, they wanted the entire business burned to the ground and the owner to attend a "memory erasure" session at the local Men In Black office.
[ link to this | view in chronology ]
Robert Ring (profile), 30 Sep 2009 @ 1:37pm

"He's contacted tons of people, including the Governor of Tennessee, but no luck."

The second he contacts newspapers with the names of the doctors' offices/hospitals, I can almost guarantee the problem will be solved.
[ link to this | view in chronology ]
zenasprime, 30 Sep 2009 @ 1:46pm

Re:
I work in the healthcare industry and, trust me, it's much worse then you could ever imagine.
[ link to this | view in chronology ]
Anonymous Coward, 30 Sep 2009 @ 2:12pm

It happened in Canada a few years back...
http://pqasb.pqarchiver.com/thestar/access/750124971.html?dids=750124971:750124971&FMT= ABS&FMTS=ABS:FT&type=current&date=Dec+01%2C+2004&author=Ellen+Roseman&pub=Toront o+Star&desc=Trust+misdirected+at+CIBC&pqatl=google
[ link to this | view in chronology ]
- TW Burger (profile), 30 Sep 2009 @ 3:26pm
  
  Re: Happened Before
  It happened to me once several years ago. My fax started throwing out pages and pages of very personal medical information. It was a private doctor so it was solved with one call and I burned the pages. Sensitive information should require the receiving fax machine to identify itself as a valid recipient.
  [ link to this | view in chronology ]
Joel Coehoorn, 30 Sep 2009 @ 2:13pm

I work in Medical Billing, and I have to tell you that faxing patient information would never fly with our compliance department. There are lots of forms we have to fax to insurers from time to time (claim appeals and the like), but these do NOT have any PHI on them.
[ link to this | view in chronology ]
Anonymous Coward, 30 Sep 2009 @ 2:23pm

The doctor in my town a Doctor was caught TWICE discarding PC from his office when he got the new ones... no wiping of data just placed them outside his medical office with a small sign that said take for free.
Once is a mistake but twice!!!!! And these are the times the guy that collected the PC spoke up... Had it happened before or since and the collector was silent?

Not all doctors are smart.. They are just really specialized and can be really smart in the are they focused on, but just plain dumb in some very common areas of knowledge.
[ link to this | view in chronology ]
- interval, 30 Sep 2009 @ 2:44pm
  
  Re:
  Friend of mine worked for a liability lawyer, he was constantly swearing at doctors for being as stupid was they were. Apparently malpractice accidents are VERY common. I hate to say.
  [ link to this | view in chronology ]
  - zenasprime, 30 Sep 2009 @ 5:19pm
    
    Re: Re:
    Most docs become docs for the perks and prestige, not for practicing medicine. I routinely talk to doctors who have no clue at all what the hell they are doing, but they've got the attitude problem despite it all.
    [ link to this | view in chronology ]
    - TDR, 30 Sep 2009 @ 5:29pm
      
      Re: Re: Re:
      Aye. I wonder if they even still recite the Hippocratic Oath at medical school anymore?
      [ link to this | view in chronology ]
    - Anonymous Coward, 1 Oct 2009 @ 4:47am
      
      Re: Re: Re:
      Most docs become docs for the perks and prestige...
      
      And the money.
      [ link to this | view in chronology ]
TW Burger (profile), 30 Sep 2009 @ 3:37pm

I Wonder...
I wonder when Bill Keith, owner of SunRise Solar Inc. in Indiana who received the faxes, will be charged by Governor (Phil) Bredesen's office under HIPAA legislation for receiving private medical information?
[ link to this | view in chronology ]
- Sean T Henry (profile), 30 Sep 2009 @ 6:19pm
  
  Re: I Wonder...
  Sorry but you have the wrong party non-health institutions are not bound by HIPAA. The doctors' office is though and violated HIPAA by disclosing confidential information.
  [ link to this | view in chronology ]
Anonymous Coward, 30 Sep 2009 @ 3:50pm

HIPAA ??
Wow! Anyone familiar with HIPAA knows what a HUGE fine the medical organization could face if this problem was reported to the feds. I believe the penalty is $10,000 per event.
Contrary to the comments above, I do NOT believe that events of this magnitude are very common. Yes they occur, but to have it happen over and over without correction... that's not common. Most healthcare providers and organizations are very aware of HIPAA, and do not want to run afoul of it.
[ link to this | view in chronology ]
- Anonymous Coward, 30 Sep 2009 @ 4:26pm
  
  Re: HIPAA ??
  Fines for individuals start at $100 per incident, max $25,000 total. Fines for institutions- $25,000 per incident, 1.5 million total. I think that's what it is currently. Those are fines for being an idiot and not complying. Fines for doing something intentionally and criminal (ie identity theft/fraud) can get you a $250,000 fine and 10 years in the pokey.
  [ link to this | view in chronology ]
another mike (profile), 30 Sep 2009 @ 4:28pm

how's that saying go?
"Once is an incident.
Twice is a trend.
Three times is enemy fire."
[ link to this | view in chronology ]
Phil, 1 Oct 2009 @ 11:44pm

@zenasprime
Most docs become docs for the perks and prestige, not for practicing medicine. I routinely talk to doctors who have no clue at all what the hell they are doing, but they've got the attitude problem despite it all.

Hmmm. Attitude much Mr. Z.B.?
Its amazing with the lousy attitudes on both sides of the fence that any usable medical software exists. How can there be any productive collaboration when two professions that need work together treat each other in rude, condescending and arrogant ways, or are disparaging of the other's motives. In case you didn't know, zenasprime, IT people sometimes have exactly that reputation among the "endusers" who actually provide healthcare.
[ link to this | view in chronology ]
Matt, 2 Oct 2009 @ 11:54am

When is the medical world going to join the future and get rid of the fax machine? There are so many more efficient ways of doing things...

Here's a great and relevant article on the subject:
http://case-connect.com/blog/2009/07/28/20th-century-fax/
[ link to this | view in chronology ]
Roland985, 7 Oct 2009 @ 5:52pm

RERE
Its fun using a fax machine! its cool as you can recort the sounds onto tape and play it back later on!

It is good fun.
But yes there are some good reasons to move to the 21st century.
[ link to this | view in chronology ]
lrobbo (profile), 12 Jun 2012 @ 9:56am

I'd rather stay a luddite in the 20thC
[ link to this | view in chronology ]