The front line of HIPAA is a whisper


I had occasion to see my doctor this week.  What for is irrelevant, but somewhat the premise of this discussion.

When I approached the registration desk of my physicians practice I was asked, in a loud voice: “Name”?  I respond, “Les Jordan”. 

“What doctor are you here to see”? 

I respond with my physician’s name.

“Is your date of birth…” and states my date of birth out loud.

“Yes.  That is me.”

“Are you still living at…” stating my full street address and zip code.

“Yes.  I still live there.”

“Is your phone number…” and repeats my phone number for all the world to hear.

“Are you sill employed by Microsoft or have you changed employers?”

“I am still employed by Microsoft”.

“Is your insurance still through…” and named my insurance carrier.

“No change in my insurance info.”

“OK – Sign this release form and proceed down to…” now, it could have been Urology, Internal Medicine, Psychiatry, Cardiology or any number of specialties covered by that practice.  Any one of which would have implied a smaller range of diagnosis and why I was at the doctor.

Think of what that in-take secretary just announced to the world:

  • Name, Date of Birth, Address, Phone Number
  • My employer
  • My insurance carrier
  • The Doctor I am seeing
  • The specialty of the doctor – which implies a smaller range of diagnoses.

 

How much PHI was just revealed?  As I look around me in the waiting area, I wonder if the person with the PDA or SmartPhone just recorded all that info.  If they did, may it have been enough to violate my rights under HIPAA?

At this major practice in the Boston area and practices throughout the country, HIPAA may be violated every day simply by having their intake practice be verbal, not confidential and not electronic.

Comments (2)

  1. garland5509 says:

    I quite agree.  It infuriates me when a reception person, nurse, etc., basically gives all my information to everyone in earshot–even my Social Security #!!  When it comes to that point I refuse to answer aloud and either write it or tell them we need to be in a more private area.  These offices spend literally thousands of dollars sending out privacy notices every year; that must be just a "cover my butt" exercise.  The  HR staff or person at the practice (or bank or mortgage company or…) should explain the effect this careless action has on a victim of identity theft.  Better yet they should take them to see the victim of a home invasion, robbery or kidnapping.  This is a very real danger.

  2. Tab says:

    This is a blatant HIPAA violation, and would result in a multi-thousand dollar fine, if reported.

Skip to main content