Private Health Info Faxed to Wrong Number – for 15 Months (and Still Counting)

Talking about faxes going astray and so-called disclaimers trying to limit the damage, did you see the report at computerworld.com about the company in Canada that has been mistakenly receiving faxes containing confidential patient information – for 15 months?

The company receiving the faxes in Manitoba has a fax number just one digit different than the one the insurance group of Prudential Financial, Inc. uses. Doctors and clinics trying to fax information to Prudential apparently keep sending faxes astray, reportedly thousands of documents involving more than 1,000 claims.

Other reports tell us the data involves names, addresses, income, diagnoses like depression, social security numbers and other sensitive information.

Prudential says it correctly gives out its fax number and isn’t responsible for third parties who get the fax number wrong.

The company receiving the faxes says it initially contacted senders when it received a stray fax, but it had to stop doing that because of a lack of resources.

The article quotes an “analyst” as opining that it is the responsibility of the recipient of a fax gone astray to destroy the fax or follow any other instructions. Perhaps so, but no legal basis is offered by the analyst in the article to support that proposition.

Historically at common law, in many if not most states, people had no duty to assist or rescue another person in life-threatening distress, drowning for example. (It’s quite another story if someone begins to assist; then they have a duty to continue and to do so with reasonable care.)

So it would be interesting to learn that someone who has no duty to help a drowning person does have a duty to destroy a fax and follow any other instructions unilaterally dictated by the party who carelessly sent them the fax in the first place.

That’s not to say the recipient of a stray fax should use the information in any way because that use could generate liability of its own, but it seems a bit strong to say they have a duty to follow whatever instructions some stranger who dropped it into their fax machine dictates. If pushed on that front, perhaps the proper response of the recipient would be to sue the sender(s), alleging trespass to chattels for wrongly using the resources of their fax machine.

Class action, anyone?

Read the full story at Confidential patient data sent to wrong company – for 15 months at the Computerworld website.

Read our prior articles about disclaimers here and here .