Physician Practice

How to lose $387,200 in a fax

Physician Practice Insider, May 26, 2017

Two incidents at a health center operated by New York-based St. Luke's-Roosevelt Hospital Center show that sending a fax can turn an act that should have cost the organization a few cents into a settlement that cost hundreds of thousands of dollars.

In this case, an investigation by the Office for Civil Rights (OCR) found that an employee who worked at a center dedicated to treating patients with HIV/AIDs and other chronic diseases had faxed a patient's protected health information to a patient's employer, rather than the patient's personal post office box, as the patient had requested.

The fax contained details about the patient's health and personal history and medical treatment, including HIV status, medical care, sexually transmitted diseases, medications, sexual orientation, mental health diagnosis, and physical abuse, according to the May 24 press release issued by OCR.

During the investigation, which was triggered by a complaint the patient filed in 2014, OCR also found that the disclosure was the center's second such incident in less than a year. Nine months earlier, an employee at the center had sent another patient's information to a place where that patient volunteered. According to OCR, the center "had not addressed the vulnerabilities in their compliance program to prevent impermissible disclosures."

St. Luke's will pay $387,200 to settle allegations and enter into a corrective action plan. In the accompanying resolution agreement, OCR noted that the disclosure of information related to the diagnosis or treatment of HIV/AIDS and mental health conditions was egregious and that the disclosures had occurred against the patients’ expressed instructions.

Most Popular