https://www.hipaajournal.com

Protected Health Information Sent to Incorrect Fax Recipient Over Several Months

Posted By on Jun 27, 2018

Faxes containing the protected health information (PHI) of a patient have been sent to an incorrect recipient by OhioHealth’s Grant Medical Center over a period of several months – A violation of patient privacy and the Health Insurance Portability and Accountability Act (HIPAA).

The recipient of the faxes, Elizabeth Spilker, tried on numerous occasions to notify Grant Medical Center about the problem and stop the faxes being sent, but her efforts were unsuccessful. She tried faxing back a message on the same number requesting a change to the programmed fax number and tried contacting the medical center by telephone.

Spilker later notified ABC6 about the issue and the story was covered in a June 18 report. In the report, Spilker explained that faxes had been received from Grant Medical Center for more than a year. The messages contained a range of protected health information including name, age, weight, medical history, medications prescribed, and other sensitive health information.

Typically, the faxes were received at the end of the day. Repeated attempts were made to send the information. The only way to stop the calls was to plug in the fax machine and receive the fax message.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

ABC6 reporters spoke with Grant Medical Center in Columbus, OH, and alerted staff to the problem. Subsequently, a statement was issued confirming the matter had been looked into and resolved. OhioHealth also confirmed that the faxes had been sent over a 6-month period, and not for a year as Elizabeth Spilker had explained in the ABC6 news report.

“We conducted a thorough review and audit of our fax system logs and found that three faxes were sent to the individual in error due to a transposed fax number in one patient’s medical record,” OhioHealth explained in a statement about the incident. “The fax number has been corrected and we’re reaching out to the patient involved to make him or her aware. Ensuring the privacy of our patients is a top priority at OhioHealth and we apologize for this error.” All faxes received by Ms. Spilker have now been shredded so there is no risk of further disclosures of PHI.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com