Healthcare News & Insights

Wrong number leads to breach of patient data

Protecting patients’ confidential data doesn’t just mean preventing complex cyber attacks or catching information thieves working inside the hospital — there are plenty of simple staffer mistakes that can also lead to data breaches. 

76696767And in many cases, older technology can create as many IT security dangers as newer EHR systems and other health IT. That’s what was shown in a recent breach involving a fax machine.

WestCoast Children’s Clinic of Oakland, CA, recently reported a data breach that leaked one of its patient’s information, including the person’s name, treatment history and test results.

What happened: The hospital tried to fax the patient’s records to the family, but an employee entered the wrong number.

Fortunately, the person who got the fax on the other end did the right thing and notified the hospital of the mistake, saying that the documents received were shredded. However, another hospital and patient might not have been so lucky.

Need policies and training

Breaches such as this show the importance of effective policies and procedures — and why proper employee training is a must. Even the simplest of tasks can create complicated security problems when patients’ protected health information is involved.

According to the WestCoast Children’s Clinic, the employee who made the mistake did not follow the hospital’s normal procedures before sending the fax, which including sending an initial fax to verify that the correct number is being used. The employee was disciplined, officials said.

In addition to outlining procedures designed to minimize errors, hospitals must train employees to take great care when sending patient information in any manner. Beyond faxes, other methods of communication can also lead to breaches.

In fact, WestCoast Children’s Clinic suffered a data breach in November of last year after a patient’s record was emailed to an incorrect recipient. In that case, too, the hospital was fortunate that the unauthorized recipient, a county social worker, understood that the information was sensitive and deleted the email.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.


  1. Prof. Matt Wilson says:

    It’s A shame things like this are still happening, especially when you have services such as WhiteFax which stops potential breaches using a plug in adapter see