For the past 4 years I have been receiving faxes at my home that were most likely meant for a medical clinic since my number is 1 digit off from their phone fax number.
I spoke with HIPAA [Office of Civil Rights, the complaint office for medical complaints under HIPAA] awhile ago, and they instructed me to just throw away any patient information in the trash and that I was not liable for that information in any way. Today I was sent another fax from a medical supply place and had to tell them to stop trying to send me a fax at 5:00 in the morning. Apparently, I was in their phone number data base and the information in the fax was set on auto redial. You can only imagine what a pain that is. If you take your phone off the hook the phone company has made it so it keeps buzzing to tell you to put your phone BACK on the hook.
I was told by a woman today, working for [the Office of Civil Rights], that I was to SHRED the paperwork if I got a fax like that. I asked her to explain to me what law is requiring me to do that -- in fact, what law is telling anyone in the public to do that. She didn't know what to say.
Here's the problem. If we get mail in our mailbox that has someone else’s name on it but has our address, what is our moral and legal obligation? I was under the impression that we don't open it and send it back to the post office to be routed to the correct person.
What is the difference if we get a fax sent to our computer or fax machine? The real problem is it's not sealed and it's there for me to read without the patient’s knowledge that I have all this private information about that patient. Who knows how many faxes have been sent to private homes and other wrong numbers instead of medical institutions? There appears to be no system for checking the accuracy of such numbers. If it goes to the wrong number, you have a breech of privacy.
I found that nobody can tell me what the legal obligation is of the person who accidentally gets sent a fax with private patient information. Oh they say what the moral thing to do and that is to shred it. But I'm quite sure that the public has no clue that this type of activity is going on with their medical records.
Another problem is trying to find the people who are sending faxes to my computer. There are times that calling back only ends up sending me to a designated fax line. At times I have had to contact 411 to try and help me find the company. This is so I can then contact the company to stop calling me and that’s not always in my home state. Of course a company is good about getting to the problem because if they don’t they can get hit with a huge HIPPA fine.
BUT, try getting a number that has been outsourced. I ended up talking to someone in another country to tell them to call someone back in the states to walk down a hall to turn off a fax. I have 24/7 service flat rate, but can you imagine if someone was getting these faxes and trying to do this research on their dime?
I believe we need to make companies much more responsible for sending out information, and auto-redial is not helping. The public should be aware if there are legal ramifications if they don't dispose of such documents or notify someone that an error has been made.
Like I said, after 4 years of this it's getting rather old. Had my fax machine been hooked up all the time, who knows how much sensitive and confidential information I would have received about patients and how much paper and ink I would have had to pay for mistakes made by the medical community, just because they were not being diligent.
Here are my suggestions:
- Businesses need to stop using phone-number data bases to send patient information by fax using auto-dial. Who knows when those data bases are checked for wrong numbers?
- A company should fax personal patient information only AFTER checking the phone number for accuracy. They should NOT put it on auto redial just in case they have entered the wrong number. If the fax does not go through when sent manually, the input error is likely to be noticed, and there is less chance of it happening again.
- The only way this kind of privacy issue is going to be noticed is if it hits the media. I don't think people realize how much jeopardy their patients’ privacy rights are put in when faxes are being used to transmit with such carelessness.
NOTE from the Privacy Rights Clearinghouse: We discuss safe faxing in our Fact Sheet 12 on “Responsible Information-Handling Practices” here: