Doctors In Tennessee Have Been Faxing Patient Info To The Wrong Place For Years

from the that-seems-bad dept

Live in Tennessee? Thought the records at your doctor’s office were private? You might want to check again. Michael Scott alerts us to the news that a bunch of doctors offices in Tennessee have been accidentally faxing patient records, including confidential info, to a small solar company in Indiana… for three years. Luckily, the guy on the receiving end says he’s been shredding the records as they come in, but he’s getting pretty damn frustrated. He’s contacted tons of people, including the Governor of Tennessee, but no luck. The faxes keep coming. Apparently, the problem is that the phone number of the business is close to the one that doctors are supposed to use. Given the number of faxes, my guess is that it’s not so much people mistyping it into their fax machines each time, but at some point there must have been a typo in a mailing or on a website or something. Of course, we won’t even get started on why these record transfers are still handled by fax. That’s another post for another day…

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Doctors In Tennessee Have Been Faxing Patient Info To The Wrong Place For Years”

Subscribe: RSS Leave a comment
Anonymous Coward says:

“Luckily, the guy on the receiving end says he’s been shredding the records as they come in, but he’s getting pretty damn frustrated. He’s contacted tons of people, including the Governor of Tennessee, but no luck. The faxes keep coming.”

Well, duh. Until he *stops* shredding them and solving the problem for them, no one was going to bother to fix anything.

interval says:

Re: Re: Re:

I don’t get why its gone on for three years. Presumably the records were faxed for a reason, and no one on the other *intentioned* end questioned why they were never receiving the faxes they were expecting? Or maybe it was a data warehouse and they were getting the data by other means as well as the (fail) fax method?

Alan Gerow (profile) says:

In a related story, the doctor’s offices are now filing a lawsuit requiring a judge to shut down the phone number for the solar company because it is receiving confidential information that it didn’t ask for.

Wait … oh that’s right. It’s only the Internet where people can get away with that sort of thing. People’s e-mail accounts mean nothing compared to the all powerful fax machine.

Fred McTaker (profile) says:

Re: Re:

I noticed the obvious parallels to the Bank vs. Gmail vs. Doe story as well. I wasn’t going to repeat myself, but Mike’s last line about confidential information going over fax lines got me riled up again. The problem isn’t just that the fax went to the wrong place. The bigger problem is that every phone line and exchange involved in those faxes had access to the same confidential information. Anyone with the right phone tap or phone equipment access at the right time has full access to that same confidential information, without anyone else necessarily knowing about it, even when it does go to the correct receiver.

To all you technophobe bureaucrat idiots who want the convenience of modern communications without any of the responsibility: no communications medium can EVER be considered truly confidential unless it is encrypted, and only then when the receiver has exclusive access to the primary key. If you don’t understand simple terms like PGP and SSL, you should assume all your communications can be tapped and recorded, by anyone at all who has a reason to care. If you are responsible for any confidentiality in any exchange, and you don’t use end-to-end encryption in that exchange, you have failed and deserve to be sued. Criminal negligence should be the least of the charges brought against you, especially if you operate in a bank or hospital.

Phones can be tapped and recorded by anyone with determination and half a brain. Email is like a postcard — everyone with any equipment involved in the message hand-offs can read it clear as day. Anyone with access to the lines in between can tap and record the email, just as easily as a phone conversation. In real space, envelopes can be seen through, opened and closed, without anyone on either end knowing about it. Fingerprint dust can even pick up traces of the ink writing that touched the sides of the envelope, well after the letter has been taken out. Anyone with any physical or visual access to writing can copy it with impunity, until the medium containing the writing is thoroughly destroyed. Trash belongs to no one, and can be read by anyone. Faxes are no more secure than phone conversations — they can be tapped, recorded, and replayed with impunity. Very little sophistication is required in the process. Your cell phone is even easier to tap — it can be tapped by anyone in radio receiver range of the same cell tower as you, with the right equipment (which just requires money, not intelligence).

The most sophisticated aspect of comms taps, like the ones the NSA has on the entire world, is automated message post-processing. The only thing that separates the NSA from anyone with any electronics knowledge is the ability to filter through billions of communications, based on keywords (via email, OCR, or automated transcription/translation), and voice print recognition, all without any human involvement. That is the feature that allows them to tap a single trunk at a single AT&T office, and still get nearly every trans-national communication ever made, without needing to tap or control every individual ISP. They can break weak encryption, and good encryption just slows them down. In essence, their only real advantage is the sheer magnitude of their processing resources. Otherwise spying is easy, and anyone can do it.

Anonymous Coward says:

The doctor in my town a Doctor was caught TWICE discarding PC from his office when he got the new ones… no wiping of data just placed them outside his medical office with a small sign that said take for free.
Once is a mistake but twice!!!!! And these are the times the guy that collected the PC spoke up… Had it happened before or since and the collector was silent?

Not all doctors are smart.. They are just really specialized and can be really smart in the are they focused on, but just plain dumb in some very common areas of knowledge.

Anonymous Coward says:


Wow! Anyone familiar with HIPAA knows what a HUGE fine the medical organization could face if this problem was reported to the feds. I believe the penalty is $10,000 per event.
Contrary to the comments above, I do NOT believe that events of this magnitude are very common. Yes they occur, but to have it happen over and over without correction… that’s not common. Most healthcare providers and organizations are very aware of HIPAA, and do not want to run afoul of it.

Anonymous Coward says:

Re: HIPAA ??

Fines for individuals start at $100 per incident, max $25,000 total. Fines for institutions- $25,000 per incident, 1.5 million total. I think that’s what it is currently. Those are fines for being an idiot and not complying. Fines for doing something intentionally and criminal (ie identity theft/fraud) can get you a $250,000 fine and 10 years in the pokey.

Phil says:


Most docs become docs for the perks and prestige, not for practicing medicine. I routinely talk to doctors who have no clue at all what the hell they are doing, but they’ve got the attitude problem despite it all.

Hmmm. Attitude much Mr. Z.B.?
Its amazing with the lousy attitudes on both sides of the fence that any usable medical software exists. How can there be any productive collaboration when two professions that need work together treat each other in rude, condescending and arrogant ways, or are disparaging of the other’s motives. In case you didn’t know, zenasprime, IT people sometimes have exactly that reputation among the “endusers” who actually provide healthcare.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...