[ Wednesday, June 14, 2017 ]
St. Luke's-Roosevelt's Faxing Problem:
Jeff [11:36 AM]
An NYC hospital has been fined $387,000 for two misdirected faxes. That's a big fine. Why?
Three reasons: One, all fines are big these days. OCR still feels it needs to make an impression, and if you've done wrong and get caught, you're going to pay in a big way. Two, the PHI that was disclosed, and whom it was disclosed to, were pretty egregious: it was HIV and STD information (and mental health status), and it was faxed to the patients' employer in one case, and to the organization the patient volunteered for in the other. Three, it happened twice. The case that generated the complaint was the second time a fax had been misdirected, and St. Luke's didn't fix the issue the first time around.
Doing a risk analysis is the thing everyone must do. If you never have a problem, good; just keep re-analyzing on a regular basis, and maybe you'll continue to be so fortunate. But if you do have a problem, treat it seriously and fix it. Give it the attention it needs. Deal with it. Not even OCR expects you to be perfect, and they know mistakes will happen even to the most prepared entity. But you don't get more than one bite at the apple.