medcomply.ai
Intel
The HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy RuleThe HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy Rule

I accidentally sent a fax to the wrong number

This may be a reportable breach. Take these steps in the next 24 hours.

  1. 1

    Tell your supervisor or privacy officer immediately

    Do not wait. Report the mistake to your practice manager or privacy officer right away. Time matters for breach response.

  2. 2

    Call the recipient of the fax

    If you know the number it went to, call and ask them to destroy the fax without reading it. Document whether they agreed. This can affect whether it's a reportable breach.

  3. 3

    Document everything

    Write down: what was faxed, whose information it contained, what number it went to, when it happened, and what steps you took. Your practice will need this.

  4. 4

    Your privacy officer will determine next steps

    They will assess whether this is a reportable breach under HIPAA. If the recipient could not have retained the information, it may not be reportable. Do not make this determination yourself.

Important

Your practice has 60 days from discovery to report a breach to HHS if it is determined to be reportable. The clock starts now.

Related

Ask AI about this situation →

Not legal advice. Follow your organization's policies and consult counsel for legal questions.