The HIPAA Beast

This is a true story. We recently changed medical carriers (3/1/03). I had to complete an application to access the health carrier's web site. The application was 4 pages long and required the signature of the Primary Controlling Authority, Alternate Controlling Authority and a signature of a witness. It took 3 weeks for approval.

Then I received 2 letters from the carrier 2 days apart. One letter has the User Identifier and the other letter had the Temporary Password. The temp password had numbers, small letters, capitol letters and more numbers. When I tried to access our account, I kept getting the message "Incorrect Password". Finally the system just locked me out for too many attempts to gain access.

One of the letters told me to call my representative. Upon calling him, I was given a telephone number to the corporate office. The corporate office then gave me a telephone number to the IT department in Kentucky. After the IT person made sure I was who I said I was, they refreshed the web site and told me to sign in again this time to use only the first 8 numbers of my temporary password. When I asked why the letter I received had more letters and numbers, the reply was that the carrier wanted to make sure the correct individual got their letter and this was the only way to make sure. They intentionally gave me an incorrect password!

Okay, now I'm signed in, right? Wrong! Now I had to register the group with the carrier. This took seven screens and some time to receive approval to use the web site. I don't know if I have been approved. I'm afraid to look.

Comments

  • 30 Comments sorted by Votes Date Added
  • [font size="1" color="#FF0000"]LAST EDITED ON 04-25-03 AT 06:03AM (CST)[/font][p]Sounds like a double-scotch night!

    EDIT: Also sounds like a girl I dated in college. She gave me the wrong dorm name on purpose and later said, "I just did that to see how serious you were about finding me."
  • Wow - I have nothing to compare that to. Thank goodness!
  • Wow! It's like trying to break into Fort Knox with a paper clip and some chewing gum. A wrong password on purpose, that's a new one for me.
  • Have them look up the word STUPID in the dictionary!
  • Ritannz: I recently had the same experience. Talk about being paranoid.

    Have a great weekend. I am glad it is Friday.
  • Speaking of HIPAA:

    Try working in a cardiology practice where the majority of our patients are elderly and have been with us long term. Good case scenario: Husband and wife have been married 50 plus years and have always been able to call the doc about their health related questions about each other. When Mrs. X calls to inquire about a prescription that Mr. X has been prescribed and what it is for, she is informed that that they can't give her that information because of privacy issues. You haven't seen anything until you observe an irate octagenarian coming at you with a cane!

    My mother, who is the caretaker for my father, called his physician's office to inquire about a certain blood test that he has to take periodically to measure coumadin in his blood (anti clotting agent) and she was told that because my father had not signed release forms, she could not get information. My mother had to get off work, go get my father, bundle him up in the car, and take him down to the doctor's office to sign release papers to get information she has been getting for years.

    So....make sure that you have signed proper forms at your physician's office so that someone in your family can get information on you in case of an emergency.

    I can't see any possible explanation for such tactics except it gives some paper pushers in Washington something to do to justify their existence. It certainly has made many patients angry and caused ill feelings between physicians' offices and patients.
  • I thought the way it was going to work was that the people that wanted the information to be kept private would have to be the ones to go through the trouble of filling out the paperwork. Signing something to the affect of "I want my info to be kept private". It seems like that would make more sense than to make everybody have to sign release of information forms. I guess that would make too much sense, and we all know that we have to keep those paper-pushers busy.
  • My father in law was urgently admitted to a hospital in a far away State last April 1st. There was no tine to sign a release form. The attending doctor refused to talk to anyone over the phone ! So in these kind of cases, how is the family to find out more about the patient's condition?

    A "beast" indeed !

    Chari
  • I've decided to chime in here and provide a different viewpoint. Although I understand the frustrations you're all feeling, I've got to play devils advocate here.

    This law is enacted for our safety and people need to understand that, although inconvenient, they can rest assured that "Joe Schmo" who calls up a doctor saying I'm so and so's care taker, have been for years, here's all the info you need...etc., doesn't get your private health information without your say so...Even if you've been doing it for years. What if you don't want "Aunt Mary Sue" to know about treatments you're having because she's quite the busy body you know...

    Isn't it nice to know that not just anybody has access to your personal medical issues / records. Just think of what happend to Michael Jordan, someone told the world about his medical history, would you want that to happen to you?

    Food for thought.
  • Ms. HS: Obviously you have not been to a doctor, pharmacy or lab since 4/14/03. The frustration of trying to pick up your spouse's prescription is teeth clenching. You are now a number at the lab because no one in the waiting room can know that Ms. ------ is there for tests. Your doctor's office has their own Privacy Notice you MUST read and then sign a paper stating that you read it. AHHHHHHHHHHHHHHHHHHHH What else will they think of??

  • One of the clinics in our area has solved the calling out of names in the waiting room issue by giving the same sort of beepers you get at some restaurants to the patients. What a fabulously easy solution!O=*
  • [font size="1" color="#FF0000"]LAST EDITED ON 05-01-03 AT 06:09PM (CST)[/font][p]HS I agree with you to a point. However, if my wife needs to know information about me and my condition she should be able to access that information without the burden of having to fill out a multitude of forms. If I'm on my deathbed I don't want to die because she was tied up filling out the forms, or unable to get the forms signed because I'm in a coma. That's one of the reasons to get married is to have someone be able to make these kind of decisions if you are unable to.
    Or if I need to help my mother out with her medication I should be able to so without having her have to sign her life away.
    People that want to keep their private info private should be allowed to do so, but they should be the ones with the burden of paperwork and other things that will grant them that privacy. If Michael Jordan wants his info kept private, let him deal with it. Don't force me to at the same time.
    If someone pretends to be a relative to get info on me, then that is fraud and there are already laws on the books to deal with that. And quite frankly I'm really not as interesting to the world as Michael Jordan so I don't think anyone really cares what I'm seeing a doctor for. Just my thoughts.
  • We're all entitled to our opinion. I for one am glad someone is taking an interest in protecting my information. No, I have not yet been to a doctor or a hospital since the "day", but that doesn't matter one iota. If it is that important to people that their information can be accessed by other family members with ease...we've known about HIPAA for a long time. People should have taken care of this in advance with their doctors by giving them their directives, etc. In this day and age when you can learn how to make a pipe bomb on the internet, or can hack into any records you choose if you know how...I for one want to know that measures are being taken to ensure that my private health information is being kept as secure as possible.
  • I think the real culprits here are providers who have gone way overboard because they don't want to become a test case. This is what happens when the provider's legal counsel issues a directive that summarizes HIPAA and stresses the worst-case scenario. Senior management passes their own - even stronger - rewording to IT, and tells the IT manager it's his butt if anything goes wrong. The IT manager has never seen a legitimate review of the HIPAA requirements, but it sure sounds like a major lockdown is required, and he delivers... with phony passwords and all.
  • Don't you just love it? The people who were selling off the information should have to pay for all paperwork and ill will that this has come to. Just like the SSN, everybody and their dog can find out (and use!) your information with those nine digits. Frightening. It reminds me of George Orwell's novel, "1984". Who really needs to know?
  • People who go to all the trouble to pretend they are someone else just to get medical information on a relative, etc., must lead a fabulously boring life!

    Before HIPPA, in our practice, we had measures in place to protect patient privacy. In fact, one of our employees wanted to get information on her father's death, but the mother did not want any information given to this daughter for some reason. Despite what we thought, she was not entitled to this via the next of kin. But....one of our employees in medical records took issue with this and copied the medical records and gave them to the employee. Needless to say, both were summarily fired for doing this.

    Now, with HIPAA firmly in place, these individuals would have been subject to about a $50,000 fine, not to mention what the practice would have to cough up.

    Unfortunately, most of the people who will be hurt, inconvenienced by this law will be the caregivers of sick individuals, not the "busy bodies" out there.

    Try going into the hospital nowdays and you will find in addition to the other paperwork you have to be bothered with, you are presented with a 10 page privacy packet (no lie!) which covers down to the point where even your minister can't visit you unless he has permission. If the minister calls the hospital, they cannot even be told if you are a patient unless you want him to know. (although some people might find that a blessing)!
  • The posts above are pretty interesting. I just attended a HIPAA training session yesterday and one of the things that was mentioned was that you CAN call out a patient's name in a waiting room. Also, patients in a hospital will have their name listed in the directory unless they wish to opt out. What was stressed is that you cannot talk with a patient in a waiting room about their health, you must keep all identifiers separate from PHI if it is going to be released in an aggregated format, or you must have a specific release signed by the patient. You CAN share the information with anyone who needs to know it for providing care or billing, assuming they are also a covered entity or have signed a Business Assocate Agreement.

    The instructor claimed this is just the law forcing everyone to comply nationally with something they were doing already with privacy. hmmm

    In any case, most of us will find having to sign something a pain. But to some it will be a good thing. If you found out you had something you wished to keep private it would be nice to know that you really can keep it that way.

    I have another idea, though I don't know if it will work. My daughter gives me a signed authorization every year. This paper says I can authorize treatment for my grandchildren which I carry with me always (one of my grandsons almost bit his tongue off in a fall in another town and had to wait hours for his mom to get there so he could receive treatment). I think I will have my husband sign something that says I can recieve and medical information on him. It won't help to follow up on tests via a phone call, but might save me some headaches if he is taken to emergency in a coma.

    Sorry so long-winded today. Have a good weekend.
  • I think that hospital's and doctors offices have taken it way too far. My mother was admitted to the hospital on Friday, my brother who was supposed to call me forgot to. I found out from my father when I called to talk to my mother. My father, who suffered memory loss from an anoxic brain injury, couldn't remember her room number. When I called the hospital to talk to her, I was told that if I didn't know the room number they couldn't connect me. I explained the situation with my father and still got nowhere. I am not within an easy commuting distance of my family, so I couldn't even go to the hospital to see if they would let me in. I finally reached my brother yesterday and got the room number so I could talk to her. The law may say that patient's can be listed in the directory, but without a room number, try getting through.
  • Wonder how this will affect all those pharmacists who are up on raised platforms behind counters, almost inaccessible to the public, answering people's questions about their medications? Don't they need a private counseling area or something less public when they discuss these issues? Typically there are 10 or so people sitting or standing around in a tiny area and most have a question or two for the pharmacist. The pharmacist today has gotten so high and mighty that you have to ask the question of a clerk who then turns and shouts your question to the pharmacist and then the answer follows the same route in reverse.
  • Maybe I should request a PRIVATE room to check my blood pressure and pulse rate on their little machine while I'm waiting for a prescription to be filled. Heaven forbid that Billy Jo Bob see my systolic number!
  • >Wonder how this will affect all those pharmacists who are up on raised
    >platforms behind counters, almost inaccessible to the public,
    >answering people's questions about their medications? Don't they need
    >a private counseling area or something less public when they discuss
    >these issues? Typically there are 10 or so people sitting or standing
    >around in a tiny area and most have a question or two for the
    >pharmacist. The pharmacist today has gotten so high and mighty that
    >you have to ask the question of a clerk who then turns and shouts your
    >question to the pharmacist and then the answer follows the same route
    >in reverse.


    Hey Don!

    Pharmacists are not allowed to do this any longer. If they shout out any medical information or converse with a patient out in the open concerning their medical conditions, they have violated this person's privacy according to the HIPAA Bible.

    Maybe they can hang one of those invisible lines from the ceiling (like they do for Vegas entertainers) and hoist the patient to pharmacist level so they may converse at the higher pharmacist level.


  • Regarding Rockie's post about the minister visiting, I learned a long time ago that the only way to keep the Baptists away (I'm one) is when you move to another town or go into the hospital, tell the 'welcome wagon people' and the registration desk you're Jewish. I mean this in good humor; the guys on the black bicycles and the Baptist door-knockers and the dinner time telemarketers all can be maddening. Regardless of how much value they attach to their own purpose, none of them were invited to dinner.
  • >Regarding Rockie's post about the minister visiting, I learned a long
    >time ago that the only way to keep the Baptists away (I'm one) is when
    >you move to another town or go into the hospital, tell the 'welcome
    >wagon people' and the registration desk you're Jewish. I mean this in
    >good humor; the guys on the black bicycles and the Baptist
    >door-knockers and the dinner time telemarketers all can be maddening.
    >Regardless of how much value they attach to their own purpose, none of
    >them were invited to dinner.

    Don...that's interesting about the Baptist minister. My father recently had ear surgery and you would have thought he was at death's door. The minister came up to the hospital with his "enterouge" which consisted of about 6 retired men who go around in a pack visiting people in the hospital and taking up all the spaces in the waiting room. I told my mother if I ever had surgery, you could bet your bottom dollar, no one would know until I was back safely at home behind locked doors.

    The only bigger event for Baptists is a good,ole fashioned funeral.



  • I don't know what the hospitals will do going forward, but in the past every time a person checks into the hospital, there's a religious preference blank on one of the 63 forms you fill out. You check Baptist (or any other) and when that herd comes to the reception desk the next day, they run a finger down the register to see who checked Baptist and VOILA!, you have a visitor. Talk about being a captive audience. Flat on your back, you can't exactly tell 'em, "I've gotta run, preacher." or "I think I hear my kettle whistling." Check Jewish. Or write in Situational Ethicist.
  • I have found that saying that I'm a devout agnostic works very well.
  • Down here in the south, saying that will only get you more visits from the fundamentalists. They would see you as a challenge and will come to your room 'for your own good, sister'.
  • How about "secular humanist"? Would I be safe with that?
  • That is the difference between my town (NYC) and yours. Here every religion probably has representation at every hospital. Reminds me of the old expression that begins "Some things are unavoidable".
  • I went to a seminar in February on HIPAA with a fabulous presenter. One of the things she shared was one of the originating reasons for HIPAA - which has been in the pipeline for a long time by the way. Banks, insurance and investment companies owned by the same corporation would share "info" about how long Mr. Smith would probably live and then deny his mortgage, or place a higher interest rate on it than Mr. Jones who didn't have a history of heart disease. You hate to think of this happening, but we have a come a long way since "1984". I just don't know if it is in the right direction!
  • This conversation made me think of the ballgame that was broadcast nationwide in '76 or '77. Broadcasting hall-of-famer Keith Jackson announced that Bobby Murcer, who had just homered, had promised to do so for little Billy So-and-so, who was in a pediatric cancer ward and had only another month or so to live.

    Problem was, little Billy didn't know he had cancer, and certainly didn't know he only had another month to live. He just knew he was sick and in the hospital.

    Jackson was extremely upset and very nearly retired. He said later that it took him years before he could get over his fear of commenting on anything that wasn't actually occuring that moment on the field of play.

    Anyway, think how different the scene would be in which Babe Ruth promises to hit a homer for the sick child, surrounded by clicking cameras and reporters at the side of the child's hospital bed. Good thing for Babe he predated HIPAA.
Sign In or Register to comment.