Health care providers are being urged to use extra care following an investigation into a misdirected fax containing sensitive health information.
The investigation was prompted when an individual received a three page fax from the Misericordia Hospital which contained detailed records of the birth and subsequent medical treatment of a child which had been given up for adoption. The records identified the child by name, date of birth, patient identification number and unique lifetime identifier. The records also identified the adoptive parents and contained information about the biological mother.
The investigator determined that the unauthorized disclosure of this sensitive health information could have been avoided had the custodians accessed the report through Alberta Netcare instead of faxing it multiple times. She directed custodians to assess whether or not health information can be accessed through a secure information system like Alberta Netcare before assuming the privacy risks that exist when health information is faxed. The investigator recommended that Caritas Health Group review its policies and procedures related to faxing health records and reminded custodians of their duty to take reasonable steps to protect health information against unauthorized disclosure when that information must be sent via fax.
This is the latest in a series of misdirected faxes involving health information. The Information and Privacy Commissioner urges custodians to follow simple steps in making sure faxes are going to the intended recipient, including dialing numbers carefully, double checking the number before sending and confirming with the recipient that they received the fax.