Information and Privacy Commissioner releases report on hospital’s fax machine privacy breaches

St. Joseph Healthcare Hamilton reported over 1,000 unauthorized disclosures in 2020

Information and Privacy Commissioner releases report on hospital’s fax machine privacy breaches

The Office of the Information and Privacy Commissioner of Ontario (IPC) has concluded its review of the high number of privacy breaches at St. Joseph’s Healthcare Hamilton due to misdirected faxes.

The IPC said misdirected faxes are the leading cause of unauthorized disclosure of personal health information (PHI) in Ontario. In 2020, St. Joseph’s submitted its annual statistical report revealing 1,006 unauthorized disclosures of PHI, with 981 disclosures due to misdirected faxes. Given the large number reported, the IPC has reviewed these incidents.

The hospital explained that the number of misdirected faxes was over-reported to the IPC. The hospital also claimed that a contributing factor to the increased use of fax transmissions in 2020 was the COVID-19 pandemic, which caused heightened demand for health information reports to be sent through fax to primary care providers.

Following IPC’s investigation of the privacy breaches, the hospital has made several changes to prevent the re-occurrence of these incidents, including improved breach management, patient notification, and reporting. The hospital has also started pursuing plans to eliminate or reduce the use of faxes. It has since implemented an “e-referral first” policy for referrals from primary care providers. The IPC is also actively working with other health system partners in the region to reduce the overall use of faxes in favour of more secure electronic solutions for transmitting personal health information.

“Fax machines have no place in modern health care delivery,” said Patricia Kosseim, information and privacy commissioner of Ontario. “Our report reveals the risks to personal health information from misdirected faxes and how to mitigate those risks through proper checks and balances. But more importantly, our report demonstrates the enormous potential for stakeholders to work proactively together, and in coordinated fashion with the ministry, to replace faxes with more secure communication technologies that will strengthen Ontarians’ trust in the health care sector.”

The IPC was satisfied that the hospital had made reasonable efforts to notify all the affected patients whose personal health information was breached. The IPC has also recognized the steps taken by the hospital to address the problem on a systemic basis.

Related stories

Free newsletter

Our newsletter is FREE and keeps you up to date on all the developments in the Ontario legal community. Please enter your email address below to subscribe.

Recent articles & video

Beware the bias of experts: Thomson Rogers’ partner, Robert Ben

Slip-and-fall claims rebounding after pandemic lull: personal injury lawyer

Avi Weiss on building in-house counsel network, crypto, and choosing the right professional path

Former deputy premier Christine Elliott joins Western University law school as leader in residence

Court rejects contingency personal injury fee retainer agreement because of deficiencies in form

Ontario Court of Appeal orders amicus to produce co-accused’s psychiatric report

Most Read Articles

Tribunal revokes licence of doctor George Otto convicted of trafficking in fentanyl

Slip-and-fall claims rebounding after pandemic lull: personal injury lawyer

How family lawyer Kevin Caspersz recommends clients keep legal costs down during divorce season

Court rejects contingency personal injury fee retainer agreement because of deficiencies in form