DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Westcoast Children's Clinic notifies parents after sensitive info faxed to wrong number

Posted on April 25, 2013 by Dissent

Westcoast Children’s Clinic in Oakland recently notified the parents of a patient after a psychological assessment report containing the patient’s name, date of birth, current placement history, developmental and psychological treatment history, limited family history, educational history,  current psychological concerns, testing data, results  and interpretation, and treatment recommendations was faxed to an unintended recipient.  The error occurred because one digit of the dialed fax number was off by 1.

The clinic learned of the April 16 incident on April 19, when the unintended recipient contacted them. According to the clinic, the recipient shredded the misdirected documents. A notification letter was sent to the parents on April 22.

A review of the incident indicated that the employee had not followed established protocols that would have prevented the error.

The employee will receive disciplinary sanctions consistent with the level of privacy breach and will be retrained in privacy practices. All of our employees will be contacted to remind them of the priorities in protecting health information.

Even if the unintended recipient shredded the documents, the information would presumably reside in the memory system of the recipient’s fax machine.  I contacted Westcoast Children’s Clinic to inquire about that concern and was informed by Eric Kelly, their IT Director, that the IT person at the office where the fax was misdirected had indicated they would clear the memory on the machine and that Westcoast would be following up to confirm that this was done.

Of note, because California law only requires submissions to the Attorney General’s Office for breaches affecting more than 500 individuals, I had initially assumed that this breach affected more than 500 individuals. It was only in following up on the fax memory issue that I learned that this was a single-individual breach, as was their past report to the state. The previous breach report has been corrected to indicate that it was an N=1 breach.   So I learned I cannot assume that every breach reported on California’s site really is an N>500 breach.  This case has also reinforced the point that entities should obtain legal advice about their reporting obligations, as needlessly exposing breaches has the potential to inflict avoidable reputation harm and shake the confidence of patients or clients.

Related posts:

  • Springfield Psychological Provides Notice of a Security Incident
  • Ca: Commissioner’s investigation determines that faxing failures put sensitive mental health information at risk.
Category: Health Data

Post navigation

← ‘Glitch’ publishes private info of more than 100 Oakland Community College students
News Group chief responds to Berkeley privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.