Doctors In Tennessee Have Been Faxing Patient Info To The Wrong Place For Years

from the that-seems-bad dept

Live in Tennessee? Thought the records at your doctor's office were private? You might want to check again. Michael Scott alerts us to the news that a bunch of doctors offices in Tennessee have been accidentally faxing patient records, including confidential info, to a small solar company in Indiana... for three years. Luckily, the guy on the receiving end says he's been shredding the records as they come in, but he's getting pretty damn frustrated. He's contacted tons of people, including the Governor of Tennessee, but no luck. The faxes keep coming. Apparently, the problem is that the phone number of the business is close to the one that doctors are supposed to use. Given the number of faxes, my guess is that it's not so much people mistyping it into their fax machines each time, but at some point there must have been a typo in a mailing or on a website or something. Of course, we won't even get started on why these record transfers are still handled by fax. That's another post for another day...


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Sep 30th, 2009 @ 12:46pm

    "Luckily, the guy on the receiving end says he's been shredding the records as they come in, but he's getting pretty damn frustrated. He's contacted tons of people, including the Governor of Tennessee, but no luck. The faxes keep coming."

    Well, duh. Until he *stops* shredding them and solving the problem for them, no one was going to bother to fix anything.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Free Capitalist (profile), Sep 30th, 2009 @ 1:01pm

    Re:

    Until he *stops* shredding them and solving the problem for them, no one was going to bother to fix anything.


    ++

    For pointing the absurdly humorous "catalyst" behind the absurdly humorous story.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Alan Gerow (profile), Sep 30th, 2009 @ 1:01pm

    In a related story, the doctor's offices are now filing a lawsuit requiring a judge to shut down the phone number for the solar company because it is receiving confidential information that it didn't ask for.

    Wait ... oh that's right. It's only the Internet where people can get away with that sort of thing. People's e-mail accounts mean nothing compared to the all powerful fax machine.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Sep 30th, 2009 @ 1:10pm

    Shut down the phone number? In the version of the lawsuit that I read, they wanted the entire business burned to the ground and the owner to attend a "memory erasure" session at the local Men In Black office.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Robert Ring (profile), Sep 30th, 2009 @ 1:37pm

    "He's contacted tons of people, including the Governor of Tennessee, but no luck."

    The second he contacts newspapers with the names of the doctors' offices/hospitals, I can almost guarantee the problem will be solved.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    zenasprime, Sep 30th, 2009 @ 1:46pm

    Re:

    I work in the healthcare industry and, trust me, it's much worse then you could ever imagine.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Joel Coehoorn, Sep 30th, 2009 @ 2:13pm

    I work in Medical Billing, and I have to tell you that faxing patient information would never fly with our compliance department. There are lots of forms we have to fax to insurers from time to time (claim appeals and the like), but these do NOT have any PHI on them.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Sep 30th, 2009 @ 2:23pm

    The doctor in my town a Doctor was caught TWICE discarding PC from his office when he got the new ones... no wiping of data just placed them outside his medical office with a small sign that said take for free.
    Once is a mistake but twice!!!!! And these are the times the guy that collected the PC spoke up... Had it happened before or since and the collector was silent?

    Not all doctors are smart.. They are just really specialized and can be really smart in the are they focused on, but just plain dumb in some very common areas of knowledge.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    interval, Sep 30th, 2009 @ 2:42pm

    Re: Re:

    I don't get why its gone on for three years. Presumably the records were faxed for a reason, and no one on the other *intentioned* end questioned why they were never receiving the faxes they were expecting? Or maybe it was a data warehouse and they were getting the data by other means as well as the (fail) fax method?

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    interval, Sep 30th, 2009 @ 2:44pm

    Re:

    Friend of mine worked for a liability lawyer, he was constantly swearing at doctors for being as stupid was they were. Apparently malpractice accidents are VERY common. I hate to say.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Sep 30th, 2009 @ 3:18pm

    Re: Re: Re:

    he should have contacted Techdirt sooner.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    TW Burger (profile), Sep 30th, 2009 @ 3:26pm

    Re: Happened Before

    It happened to me once several years ago. My fax started throwing out pages and pages of very personal medical information. It was a private doctor so it was solved with one call and I burned the pages. Sensitive information should require the receiving fax machine to identify itself as a valid recipient.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    TW Burger (profile), Sep 30th, 2009 @ 3:37pm

    I Wonder...

    I wonder when Bill Keith, owner of SunRise Solar Inc. in Indiana who received the faxes, will be charged by Governor (Phil) Bredesen's office under HIPAA legislation for receiving private medical information?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Sep 30th, 2009 @ 3:50pm

    HIPAA ??

    Wow! Anyone familiar with HIPAA knows what a HUGE fine the medical organization could face if this problem was reported to the feds. I believe the penalty is $10,000 per event.
    Contrary to the comments above, I do NOT believe that events of this magnitude are very common. Yes they occur, but to have it happen over and over without correction... that's not common. Most healthcare providers and organizations are very aware of HIPAA, and do not want to run afoul of it.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Sep 30th, 2009 @ 4:26pm

    Re: HIPAA ??

    Fines for individuals start at $100 per incident, max $25,000 total. Fines for institutions- $25,000 per incident, 1.5 million total. I think that's what it is currently. Those are fines for being an idiot and not complying. Fines for doing something intentionally and criminal (ie identity theft/fraud) can get you a $250,000 fine and 10 years in the pokey.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    another mike (profile), Sep 30th, 2009 @ 4:28pm

    how's that saying go?

    "Once is an incident.
    Twice is a trend.
    Three times is enemy fire."

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    zenasprime, Sep 30th, 2009 @ 5:19pm

    Re: Re:

    Most docs become docs for the perks and prestige, not for practicing medicine. I routinely talk to doctors who have no clue at all what the hell they are doing, but they've got the attitude problem despite it all.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    TDR, Sep 30th, 2009 @ 5:29pm

    Re: Re: Re:

    Aye. I wonder if they even still recite the Hippocratic Oath at medical school anymore?

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Sean T Henry (profile), Sep 30th, 2009 @ 6:19pm

    Re: I Wonder...

    Sorry but you have the wrong party non-health institutions are not bound by HIPAA. The doctors' office is though and violated HIPAA by disclosing confidential information.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Fred McTaker (profile), Oct 1st, 2009 @ 1:35am

    Re:

    I noticed the obvious parallels to the Bank vs. Gmail vs. Doe story as well. I wasn't going to repeat myself, but Mike's last line about confidential information going over fax lines got me riled up again. The problem isn't just that the fax went to the wrong place. The bigger problem is that every phone line and exchange involved in those faxes had access to the same confidential information. Anyone with the right phone tap or phone equipment access at the right time has full access to that same confidential information, without anyone else necessarily knowing about it, even when it does go to the correct receiver.

    To all you technophobe bureaucrat idiots who want the convenience of modern communications without any of the responsibility: no communications medium can EVER be considered truly confidential unless it is encrypted, and only then when the receiver has exclusive access to the primary key. If you don't understand simple terms like PGP and SSL, you should assume all your communications can be tapped and recorded, by anyone at all who has a reason to care. If you are responsible for any confidentiality in any exchange, and you don't use end-to-end encryption in that exchange, you have failed and deserve to be sued. Criminal negligence should be the least of the charges brought against you, especially if you operate in a bank or hospital.

    Phones can be tapped and recorded by anyone with determination and half a brain. Email is like a postcard -- everyone with any equipment involved in the message hand-offs can read it clear as day. Anyone with access to the lines in between can tap and record the email, just as easily as a phone conversation. In real space, envelopes can be seen through, opened and closed, without anyone on either end knowing about it. Fingerprint dust can even pick up traces of the ink writing that touched the sides of the envelope, well after the letter has been taken out. Anyone with any physical or visual access to writing can copy it with impunity, until the medium containing the writing is thoroughly destroyed. Trash belongs to no one, and can be read by anyone. Faxes are no more secure than phone conversations -- they can be tapped, recorded, and replayed with impunity. Very little sophistication is required in the process. Your cell phone is even easier to tap -- it can be tapped by anyone in radio receiver range of the same cell tower as you, with the right equipment (which just requires money, not intelligence).

    The most sophisticated aspect of comms taps, like the ones the NSA has on the entire world, is automated message post-processing. The only thing that separates the NSA from anyone with any electronics knowledge is the ability to filter through billions of communications, based on keywords (via email, OCR, or automated transcription/translation), and voice print recognition, all without any human involvement. That is the feature that allows them to tap a single trunk at a single AT&T office, and still get nearly every trans-national communication ever made, without needing to tap or control every individual ISP. They can break weak encryption, and good encryption just slows them down. In essence, their only real advantage is the sheer magnitude of their processing resources. Otherwise spying is easy, and anyone can do it.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Oct 1st, 2009 @ 4:47am

    Re: Re: Re:

    Most docs become docs for the perks and prestige...

    And the money.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Phil, Oct 1st, 2009 @ 11:44pm

    @zenasprime
    Most docs become docs for the perks and prestige, not for practicing medicine. I routinely talk to doctors who have no clue at all what the hell they are doing, but they've got the attitude problem despite it all.

    Hmmm. Attitude much Mr. Z.B.?
    Its amazing with the lousy attitudes on both sides of the fence that any usable medical software exists. How can there be any productive collaboration when two professions that need work together treat each other in rude, condescending and arrogant ways, or are disparaging of the other's motives. In case you didn't know, zenasprime, IT people sometimes have exactly that reputation among the "endusers" who actually provide healthcare.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Matt, Oct 2nd, 2009 @ 11:54am

    When is the medical world going to join the future and get rid of the fax machine? There are so many more efficient ways of doing things...

    Here's a great and relevant article on the subject:
    http://case-connect.com/blog/2009/07/28/20th-century-fax/

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Roland985, Oct 7th, 2009 @ 5:52pm

    RERE

    Its fun using a fax machine! its cool as you can recort the sounds onto tape and play it back later on!

    It is good fun.
    But yes there are some good reasons to move to the 21st century.

     

    reply to this | link to this | view in thread ]

  25.  
    icon
    lrobbo (profile), Jun 12th, 2012 @ 9:56am

    I'd rather stay a luddite in the 20thC

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This