Hospital's sensitive patient data sent to wrong fax for 6 months

A world-renowned hospital in the U.S. has been mistakenly sending sensitive patient details to a bank that has absolutely nothing to do with the hospital or its patients. Staff at the bank contacted Brigham and Women's Hospital almost every week for the last six months asking for the faxes to be halted.

Every week the hospital sent a detailed report of three or four patients to a Boston investment bank, which wished to remain anonymous. The faxes contained the patients' medical records, Social Security numbers, birth dates, home addresses, ward numbers in the hospital, medical insurance details, blood groups, religion and the names of their doctors. The details were for women who had given birth that week. The information sent by fax also showed whether the mother and baby tested positive or negative for several diseases, including chlamydia, syphilis and hepatitis B. Nearly 30 women have been affected.

All the details on the faxes were billing information meant for the patients' medical insurance companies, but they ended up instead at a Boston bank.

“There is absolutely no reason why this should be coming to us. I'm highly disturbed about it,” said the manager of finance at the bank. “This is very personal information that is being sent out.” She added that the bank had shredded all the information it received from the hospital and that every time the bank had received a new fax they had contacted the hospital to inform them of their mistake. On every occasion Brigham and Women's Hospital had promised to take care of the matter. However, the day before the story went to the press the bank received yet another batch of patient records.

After the mistake was made public the hospital said in an official statement that it “deeply regrets mistakenly faxing patient billing information to an incorrect business fax number.” The hospital also said it considered the incident “a serious matter” and that it was conducting its own internal investigation. “The hospital has identified the error and has taken immediate steps to correct the situation,” the statement continued. The hospital also thanked the bank for destroying the documents and promised to inform all those patients that were affected.

“This is a glaring example of disorganization. It's one thing to accidentally send private data to the wrong fax number, but quite another to do so every week for six months, especially when they were warned about the mistake several times. I believe those employees should be charged with negligence because there is no kind of system that can protect against such a flagrant disregard for responsibilities,” maintains Denis Zenkin, marketing director at InfoWatch.

Source: BostonHerald.com
