The faxing of medical records to the wrong number is a simple mistake, but a serious problem. The solution should not be oversized, but it should emphasize that those who handle our health records cannot afford to have a casual attitude about their work.
A woman鈥檚 health records intended for her surgeon were instead faxed by Victoria General Hospital to a Victoria business, which has a fax number one digit different from the surgeon鈥檚. The business鈥檚 director says it鈥檚 the fifth time confidential medical records have been faxed to her office by mistake. On Tuesday, a second person came forward with more misdirected medical faxes.
Island Health鈥檚 privacy office is investigating, and so it should. But it shouldn鈥檛 be too difficult to figure out that the wrong number has likely been programmed into an auto-dial function. It shouldn鈥檛 take more than a minute or two to remove the number.
If the number is being entered manually, then an earnest conversation is required with the owner or owners of the stumbling fingers.
Then the question should be asked: Why send the faxes at all? The surgeon involved says he relies on electronic transfer of records and has not used paper faxes in many years. Are faxes being sent to other offices unnecessarily?
That is, from our perspective, a straightforward approach that should not consume a lot of time or resources. It doesn鈥檛 necessarily require new policies or new technology, but diligence in ensuring existing policies are followed.
Island Health has comprehensive policies regarding confidentiality of records. Health-care workers are authorized to read electronic patient records as required. When signing in to the system, they must declare the care relationship. Access is subject to signed confidentiality agreements and guidelines.
The security of a system depends on such things as firewalls, passwords and levels of authorized access, but those functions are only as effective as the people who operate them. There is no room for casual attitudes when it comes to confidentiality of patient records.
Nor is there room for idle curiosity, such as that shown by two nurses who looked at the confidential records of 112 people, including family and friends, over a period of about two years. The nurses had no care relationships with the people involved. The privacy office investigated and the nurses, appropriately, are no longer employed by Island Health.
There was no indication of any malicious intent, but a trust was violated.
In 2012, Vancouver Coastal Health fired a clerical worker who snooped at the medical records of several Vancouver media personalities. The worker admitted to looking at the records out of mere curiosity, and said she did not share the information in any way.
Nevertheless, seemingly small errors can have huge consequences. People trust that their medical records will be viewed by only those professionals concerned with their care. Learning that someone is looking at the records for entertainment or nefarious reasons leaves a person feeling vulnerable and exposed. Damage can easily result to a person鈥檚 well-being, career or reputation.
Technology is playing an increasingly large role in health records. It can be a valuable tool, but stringent safeguards are needed to ensure information doesn鈥檛 go astray. Sophisticated hardware and software are involved.
But any system is only as good as the people who operate it. Just as we want to have the right equipment in place, properly programmed, so too do we want to have the right people, properly trained and motivated, to look after health records.
It鈥檚 easy enough to send a fax to a wrong number, but the consequences can be serious. In handling medical records, there鈥檚 no such thing as a minor detail.
