Incident Summary #1: Misdirected faxes containing health information end up in apartment managers' hands
The OPC investigated two separate incidents where health information was sent by facsimile to the wrong recipient. In the first incident, Dynacare sent a misdirected fax containing personal health information. In the second incident, Viewpoint sent a medical evaluation to an incorrect number. Both companies were found to have contravened PIPEDA by disclosing personal information without consent. Recommendations were made to both companies regarding faxing procedures, employee training, and notification of affected individuals.
- Disclosure of personal health information without consent via misdirected facsimile transmission
- Responsibility for and accountability of employees in faxing personal information
- Adequacy of organizational policies and procedures for protecting personal information during transmission
- Notification of individuals whose personal information has been disclosed
Complaints well-founded and resolved
Both Dynacare and Viewpoint contravened PIPEDA by disclosing personal information without consent when misdirected faxes containing health information were sent. Both organizations implemented corrective measures during the investigation that were satisfactory to the OPC.
AI-generated summary for reference only. Always verify against the official decision ↗
Both organizations implemented corrective measures including revising policies, enhancing employee training, and taking steps to verify fax numbers. The OPC recommended implementing OPC guidelines on faxing and annually reviewing confidentiality agreements.
- PIPEDA
This summary is informational only and not legal advice.