Grant Medical Center Repeatedly Sent Faxes with PHI to the Wrong Recipient

OhioHealth’s Grant Medical Center sent faxes containing the protected health information (PHI) of a patient to a wrong recipient over the past several months, in violation of the Health Insurance Portability and Accountability Act (HIPAA).

Elizabeth Spilker, the recipient of the faxes, attempted to inform Grant Medical Center several times regarding the misdirected faxes, although despite those attempts the faxes continued to be sent. She sent back a fax message to the same number to request the sender correct the fax number and send to the right recipient. She also tried to make a phone call to the medical center. It was only when Spilker told ABC6 about the matter that action was taken.

Spilker told ABC6 that she had been receiving faxes from Grant Medical Center for over a year. The faxed messages disclosed a variety of PHI such as names, ages, weight, medical history, prescription drugs, and other sensitive medical information. Usually, she received the fax messages at the end of the day.

ABC6 reporters told Grant Medical Center in Columbus, Ohio about the privacy breach. Later, the medical center issued a statement that the matter had been taken care of. OhioHealth also clarified that the fax messages had been sent for about 6 months only and for a year as Elizabeth Spilker suggested to ABC6.

After reviewing and auditing the fax system logs, OhioHealth identified three fax messages had been sent in error. The problem was due to an incorrectly entered fax number in a patient’s medical record, in which two digits had been transposed. The problem has now been corrected and faxes are being sent to the correct recipient. The fax messages received by Ms. Spilker have been shredded and the patient whose PHI was disclosed has been informed.