Post · bonfire.cafe

Anybody really understand HIPAA? I ask because it seems the hospital where I was taken recently after a bad fall seems to have violated my privacy. I got a call from the foundation associated with the hospital asking me to donate money. She knew my name, phone number, that I’d been treated at the hospital, and the name of my doctor. When I blew my stack she said she did not know what I was treated for. So … was this a HIPAA violation?

#HIPAA

#hipaa

podfeet

@podfeet@chaos.social · 9 months ago

The prevailing wisdom y’all gave me appears to be right. I dug up the consent form we signed, and while only says the patient's name and address may be released to the Foundation, and they called me on the phone, but I suppose that's a technicality not worth pursuing.

David Sheneman

@tvwonder@mastodon.social · 8 months ago

@podfeet still feels icky

macquilter

@macquilter@toot.community · 9 months ago

@podfeet Not sure I agree 100%. Yes, they could have found your phone# almost anywhere by cross-referencing your name/address. However, they also knew your doctor’s name and that you’d been at the hospital. I do think that’s a violation of your privacy.

garland

@garland@social.seattle.wa.us · 9 months ago

@podfeet That could be a violation. I’m not an expert. Here’s the website for filing a federal complaint. Looks like you have to file within 180 days of finding out. https://www.hhs.gov/hipaa/filing-a-complaint/index.html

macquilter

@macquilter@toot.community · 9 months ago

@podfeet OMG! I don’t know whether it’s a violation or not, but I can’t imagine the *gall* of them using your recent injury and treatment as a vehicle for fundraising. Though, now that I think about it, perhaps they’re trying to offset losses due to recent legislation? Still, it’s unnerving, to say the very least.

MPG

@mpg@grumble.social · 9 months ago

@podfeet most health care providers will have you sign some sort of HIPAA release when you are brought in. It usually carves out institutions related to the facility along with insurance.

I'm not a HIPAA expert by a longshot, but if they don't know your diagnosis/treatment or your date of service, what they did was probably not a violation.

But you should ask the hospital for a copy of your HIPAA consent form and give it a read just in case.

podfeet

@podfeet@chaos.social · 9 months ago

@mpg Great idea. I don’t remember signing anything, but then again I’d just landed my entire body on my face so who knows if I’m remembering correctly!

@3dogcouch@mas.to · 9 months ago

@podfeet idk the answer to yr question but I do know they sneak all sorts of BS into the documents you "voluntarily" sign before they treat you

Btrinen

@btrinen@social.seattle.wa.us · 9 months ago

@podfeet I am no expert, but I can read, and based on the HHS website summary explanation of what information is protected it seems like this might be a real issue.
“the provision of health care to the individual” would seem to cover disclosing that you received health care from that hospital. Disclosing for fundraising purposes does not look like one of the permitted uses and disclosures. To me anyway.

https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html#what