HIPAA FAX Breach: Why health care should finally stop faxing
For more information, see:
- Hospital faxed a patient’s HIV-positive status to his workplace — he’s now suing for $2.5 million
- Is FAXing really HIPAA-compliant?
- HIPAA Faxing: How To Send and Receive FAXes in a Secure and Compliant Way
The news is out, and this is one more reason why we shouldn’t be using fax machines in health care. The Spencer Cox Medical Center is now being sued for $2.5 million for a single faxed message: a fax sent, against the patient’s wishes, to the patient’s workplace stating the patient’s HIV-positive status. In a sense, this is a textbook example of what everyone would use to say, “Don’t do this. Don’t have a breach. Don’t send things to the wrong place.”
Faxes are a unique thing. They’re different from email and text messages and so forth, because they don’t really fall under the HIPAA Security Rule. Supposedly they don’t send information electronically, even though that’s crap these days. It’s all electronic. They do fall under the Privacy Rule, which says that information in the fax still needs to be protected properly.
One of the major things about protecting it is making sure it can’t be seen by anybody who’s not supposed to see it. Probably nobody at your workplace is supposed to see your medical health information. That’s the crux of the issue. And that’s why the medical center is being sued for loss of work. That’s why the medical health centers have paid fees to the Health and Human Services Department due to the breach.
So, one more example: don’t do it. The reason why? You can’t be sure who’s going to see the information. If you have to use fax machines, you’ve got to really be careful and make sure that the faxes are locked down, and only the right people can access them. In general, what should you do? You should unplug those fax machines. Put them away, and switch to something else. There’s a myriad of other options right now. There’s secure email. There’s secure video conferencing. There’s secure document storage and sharing, and the list goes on and on. There are so many ways to communicate so that information is encrypted and you can be sure that only the right person can see it, that there’s really no excuse for using fax machines anymore, especially when communicating directly with patients.