Banks are good at keeping things private. Your money, your information, and so on — their whole purpose is to take care of your stuff and keep it yours and yours alone.
That is the one redeeming element in this story from this morning’s Boston Herald. It seems that somehow a wrong phone number has been programmed into one of a hospital’s fax machines, and hospital employees have been cheerfully sending confidential patient admitting records — containing names, addresses, social security numbers, dates of birth, insurance carrier, blood types, room assignments, religions, and medical test results, including STDs — to somebody they shouldn’t.
Namely, an investment bank.
The bank (which is, thankfully, not named) immediately called the hospital to alert them about this. The hospital was shocked and promised to fix the situation immediately.
That was six months ago, and still every week they get all this information on women who have just given birth at Brigham and Women’s Hospital.
A representative of the bank says that she’s personally shredded all 30 of the faxes they’ve received, and called the hospital a dozen times. But they still keep coming. Finally, in frustration, she contacted the Boston Herald, hoping a little adverse publicity will get more results than her private phone calls.
There was a time when I had to go through something similar. What I finally did was write on a sheet of paper in very large letters that this was the wrong fax number. Every time I received a fax, I would send it. It worked for me eventually. Sometimes though you really have to wonder about these people.
Very dumb on someone’s part at the hospital, especially now that they have been notified of the error. It’s a HIPAA violation, and there are potential fines or jail time for negligence with this sort of data.
And it is NOT a hard thing to figure out and prevent. They are VERY lucky the wrong number is a bank where there is more sense about privacy.
I’m sure one of our lovely lawyer-types could make a HIPAA violation case out of the woman who called the newspaper to get the faxes stopped.
My home phone used to be one digit off of the local megahospital’s burn unit, and one of the nurses had my number written down instead of the correct one.
That used to make for some pretty awful 2 AM wrong numbers.
Imhotep’s on the right track here, but with the wrong subject. B&W is in a huge HIPAA pickle with this.
As for the banker, I hope she had a witness to her shredding the unrequested “personally identifiable medical information” (read HIPAA and you’ll understand), ’cause B&W’s attorney will do her best to shift the blame to the banker.
The bank has absolutely no HIPAA exposure. They are not a covered entity under the law, which applies to providers, payers, and certain health insurers.
BW, however, has an enormous problem. I wouldn’t want to be their Privacy Officer.