HIPAA and you

So, this letter. The one from shithead memorial park (actually, as you may have guessed, their name is not shithead memorial park. It is Sunset Memorial Park of North Olmstead) ? They don't send this stuff to random 36-year-old women. Not ads for burial plots. You can't tell me they do. This was targeted on information supplied by someone at the hospital in CLEAR violation of federal HIPAA law.

Now, I've spoken with a couple lawyers... ONE letter is not particularly actionable (although we are going to try). TWO letters, sent to two different recent diagnosees within days of their diagnoses is actionable. Three or more would make it a slam dunk... and as we all know, criminals are stupid. There are more of these out there.

If anyone knows anyone else recently diagnosed, particularly at fairview... please gently point them this direction and maybe they'll go "A-HA! I got one of those!" If we get a couple we're all going to pay some bills with it... and right now we need all the help we can get in that department!


Jim Dustin said…
That is awful and it does look like a HIPPA violation, not to mention all levels of decency.

Hospitals run closed network systems, so it probably wasn't hacked, although hospitals and insurance companies are all struggling to keep up with devices like iPhones and other personal devices being added to corporate networks. It's a network security nightmare. The fines are very steep and when I worked at Blue Cross, any breach was immediate grounds - and even then, the data was only even accessible to certain areas, such as customer service. HIGHLY monitored.

There is also the possibility that your name was plucked from the internet. Facebook (and Blogger) is wide open and, well people use it for more than social networking. They use it for social engineering - which is the art/science of culling information from posts, to figure out other lovely things like ID theft and possibly sleazy mailings.

Something like this really is stupid, because the trail is so obvious. Wherever the info came from, they acted on it. Maybe on Chemo days, you can ask some of the others if they received any mailings.

Amongst all the good vibes and helpful peeps and really dedicated healthcare workers, there are still low-lifes to deal with.

Your attitude is fantastic.
Ryan said…
The letter pre-dates this blog or any facebook post (not that you could get our address from either of those anyway). It had to come from the hospital or the moll pavilion. Actually, it probably could have come from anywhere in the Clinic network... probably hundreds of people have enough access to compile a list to sell. It's probably not just cancer patients either...

I'd just love to cha-ching this right through our deductibles! Sound cynical? Maybe. I don't give a shit. Someone screwed up BIG, and we really need to come up with a LOT of money!!
Jim Dustin said…
Doesn't sound cynical at all Ryan. I hope you find them. Best.
Oh shit. I can read ahead. :(

I seriously just read this a few minutes AFTER the first post. It seems that trying to read the blog chronologically bit me in the ass.


Now, realizing you two aren't "sue happy" like the rest of the world is; I think in this case, this is a way to, A) make medical facilities MORE aware and protective of their patients information, and B) Learn the hard way, but paying for the breach of information.

Yes, this will be absolutely to your benefit because of the costs of the treatment; but an equally important mention is that it is illegal and BEYOND immoral for your personal medical data to have been made available to ANYONE outside of the staff DIRECTLY associated and responsible for your care.

Shit, even if I get my MD, and I was visiting you as a relative, your care facility can't give me a SHRED of information, no matter WHO the fuck I am. Doctor, surgeon, your cousin, or even your sister. That approval to share information has to be made through YOU, and doesn't mean that it's just an open book. You indoctrinate that person, and only them.

Sorry I just went off on that tiatribe. I've been spending so much time with residents and patients, that it's absolutely infuriating to see THAT shit happen.

It's one thing to say that I witness breaches of infection control pretty much all the fucking time (a completely other fucking topic, let me tell you), but another entirely that any facility wouldn't be in the process of CRUCIFYING whomever got that information out. That facility can be put in the spotlight that will do more than damage it's reputation.

Yeah. That's pretty much enough out of me.

Love you! Make 'em pay!
Shannon said…
Oh, please. Mail me and I'll tell you and your lawyer ALL ABOUT the massive HIPAA violations going on in the outpatient lab at Fairview as of last week. It was so ridiculously obnoxious I'm still reeling about it. Mallorie should have my direct email address if you don't.

Popular posts from this blog

Infected. Again.

If you get email updates or anything, I'm sorry!

Keep talking to be okay.