A recent fax mix-up is highlighting just how important the human element is when it comes to cybersecurity. Andrea Scarborough, a resident of Lakeland, Florida, began to receive medical faxes from her local walk-in clinic that had nothing to do with her. The office, named Doctor Today, had worked with a printer that accidentally put Scarborough's fax number on all of their prescription pads, according to NBC affiliate WFLA.
This was a major mistake, as Scarborough could now view the health care documents of several other people. Considering how much personally identifiable information is generally contained in these kinds of records, this blunder could end up costing Doctor Today big.
"The clinic is 100 percent to blame here."
HIPAA violations are no joke
Although Doctor Today's owner Dr. Jeentendra Issar tried to blame Scarborough when she attempted to fix the mistake by coming into the office, the clinic is 100 percent to blame here. Jay Wolfson, a lawyer who knows his way around the medical field, sided completely with Scarborough. He said that the doctors are the ones who violated the Health Insurance Portability and Accountability Act, a compliance standard dictating how medical facilities store and transport health care records.
"She is not a party that is covered by HIPAA," Wolfson said. "She's not a provider of care; she's not an insurance company. She's certainly not a criminal. They have been negligent at least and it's up to the federal government and the state attorney general to determine whether or not there has been a criminal act."
Whether or not the administration at Doctor Today will be prosecuted remains to be seen, but if they are they can expect to face hefty fines. According to the American Medical Association, a health care facility doesn't even have to know it's breaking the law in order to be hit with high penalties.
A graph on the organization's website states that even if doctors exercised "reasonable diligence" and didn't know they were violating HIPAA, they could be forced to pay a maximum of $50,000 per violation. What's more, the site also says that there is an annual maximum for violations that tops out at $1.5 million. While this particular event most likely won't receive a penalty that high, it's important to realize how much a simple mistake can cost a medical facility.
FoIP and regular faxing demand careful inspection
Legacy fax machines, and the newer fax over IP systems, still require the people operating them to take the time to inspect the documents they're sending out. This is especially true within the health care field, where making even a minor mistake could end in massive fines.
The officials at Doctor Today may not be appreciative of how lucky they got. Scarborough certainly did the right thing here by coming forward, and it's truly a shame to see her receive backlash for it. That said, if these documents were to have found their way to a less moral person, this very well could have ended with multiple identities being stolen or even forged prescriptions.
Legacy fax and FoIP may be much safer than other digital forms of communication, but they still have their flaws that can be traced back to human error. The people operating HIPAA compliant fax servers need to understand the sensitivity of the documents they’re sending out if they wish to utilize FoIP’s security to the fullest extent.
Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their 'Partly-Cloudy' fax solutions.
