How to lose $387,200 in a fax

by Julia Kyles, CPC on May 24, 2017
Two incidents at a health center operated by New York-based St. Luke's-Roosevelt Hospital Center show that sending a fax can turn an act that should have cost the organization a few cents into a settlement that cost hundreds of thousands of dollars.
 
In this case, an investigation by the HHS Office for Civil Rights (OCR) found that an employee who worked at a center dedicated to treating patients with HIV/AIDs and other chronic diseases had faxed a patient's protected health information to a patient's employer, rather than the patient's personal post office box, as the patient had requested.
 
The fax contained details about the patient's health and personal history and medical treatment, including HIV status, medical care, sexually transmitted diseases, medications, sexual orientation, mental health diagnosis and physical abuse, according to the May 24 press release issued by OCR.
 
During the investigation, which was triggered by a complaint the patient filed in 2014, OCR also found that the disclosure was the center's second such incident in less than a year. Nine months earlier, an employee at the center had sent another patient's information to a place where that patient volunteered. According to OCR, the center "had not addressed the vulnerabilities in their compliance program to prevent impermissible disclosures."
 
St. Luke's will pay $387,200 to settle allegations and enter into a corrective action plan. In the accompanying resolution agreement, OCR noted that the disclosure of information related to the diagnosis or treatment of HIV/AIDS and mental health conditions was egregious and that the disclosures had occurred against the patients expressed instructions.
 
The information contained herein was current as of the publication date. © Copyright DecisionHealth, all rights reserved. Electronic or print redistribution without prior written permission of DecisionHealth is strictly prohibited by federal copyright law.