Sandra Yin reports on some breaches that weren’t reported previously on this site:
The California Department of Public Health (CDPH) found that Children’s Hospital of Orange County sent patient records to an auto shop in 2009, according to the Orange County Register. The business received six faxes containing healthcare information, including information that identified the patient’s name, date of birth, and details about the visits.
Hospital staff told the Register that a test fax should have been sent first, per hospital policy.
In another breach of patient privacy by the same hospital, patient records were faxed to the wrong doctor, because the name of the patient’s ER doctor was not correctly entered into the system. The hospital is checking its database for accuracy.
Read more on FierceHealthcare.
What really bothers me about such breaches is how casual some covered entities seem to be. I’ve called hospitals a few times to alert them to misdirected faxes, and not once did they ever express consternation or ask me to take steps to destroy the fax securely and to confirm same to them, etc.
I work in a hospital, and we take misdirected faxes extremely seriously. If the recipient is in our community, we send someone to go get the information. If they aren’t, we give them a FedEx account number to which to bill the shipping of the information back to us.
It always boggles my mind that other facilities don’t take it as seriously.
Beth:
I got so disgusted with one hospital that I actually said, “Okay, since you seem to be so casual about this, I’ll tell you that I run a privacy web site for PHI issues and I just may upload these faxes as an example of how your hospital deals with this issue.”
Boy, did she get upset then, telling me that I can’t do that because of patient privacy, etc. Uh huh.
I’m glad your hospital takes it seriously.