Confidential patient data sent to wrong company -- for 15 months

Computerworld - A small Lockport, Manitoba-based distributor of herbal remedies has for the past 15 months been mistakenly receiving faxes containing confidential information belonging to hundreds of patients with Prudential Financial Inc.'s insurance group. The data exposed in the breach -- and faxed to the company by doctors and clinics across the U.S. -- included the patients' Social Security numbers, bank details and health care information.
So far, at least, efforts to deal with the issue appear to have failed, said Jody Baxmeyer, vice president of marketing at North Regent RX, the company that's been receiving the faxes.
The situation has been caused by North Regent's toll-free fax number, which is nearly identical to one used by Prudential to receive medical claims-related information from doctors, Baxmeyer said. In fact, the two numbers differ by only one digit, Baxmeyer said.
As a result, North Regent's Lockport office has mistakenly received thousands of documents sent to the wrong fax number that involve more than 1,000 claims. The documents contain detailed patient medical histories, Social Security numbers and bank information meant for Prudential's insurance division.
Baxmeyer said his company contacted Prudential about the problem in October 2004 -- when North Regent first began operations -- and then followed up again in April 2005 when it had not heard back from the company. "Prudential's point of view was that, 'We are not the ones faxing the information,' which is ridiculous," Baxmeyer said. "They are the ones that solicited the business from doctors and clinics, and they are the ones setting up the protocols for receiving the information."
In a statement today, Prudential officials disagreed, saying the company cannot be held responsible for third parties who are sending the information to the wrong fax number.
"Prudential Financial's fax number is accurately listed on all of our forms and communications," the company said in an e-mailed statement. "Effective immediately, North Regent RX will forward to Prudential Financial all faxes it has received, as well as any it may receive in the future."
Initially, North Regent contacted the doctors' offices, clinics and even patients directly when it received a fax meant for Prudential. But the company doesn't have the resources to continue doing that, Baxmeyer said. "What happened was it became a point of distraction for us. It would have taken an effort that we were not capable of."
According to Baxmeyer, North Regent in April offered to sell its toll-free number to Prudential for a fee that included the costs of acquiring and publicizing a new toll-free fax