Sandra Yin reports on some breaches that weren’t reported previously on this site:
The California Department of Public Health (CDPH) found that Children’s Hospital of Orange County sent patient records to an auto shop in 2009, according to the Orange County Register. The business received six faxes containing healthcare information, including information that identified the patient’s name, date of birth, and details about the visits.
Hospital staff told the Register that a test fax should have been sent first, per hospital policy.
In another breach of patient privacy by the same hospital, patient records were faxed to the wrong doctor, because the name of the patient’s ER doctor was not correctly entered into the system. The hospital is checking its database for accuracy.
Read more on FierceHealthcare.
What really bothers me about such breaches is how casual some covered entities seem to be. I’ve called hospitals a few times to alert them to misdirected faxes, and not once did they ever express consternation or ask me to take steps to destroy the fax securely and to confirm same to them, etc.