Psychology news robots distributing from dozens of sources: https://www.clinicians-exchange.org
.
**Does HIPAA Even Exist for Large Corporations?**
I don't care if anyone knows I just got a COVID vaccine. Most people
don't care.
However, CVS Pharmacy just sent me an after-visit report across
unencrypted Internet to my email address.
The form included such fields as:
-- My Full Name
-- **DATE OF BIRTH!**
-- My Full Home Address
-- Medication Administered
-- Date and Time of Appointment
-- Name of Pharmacist I saw
-- Name of Doctor at CVS overseeing it all
-- Name and Address of my Primary Care Doctor
Also:
-- All the answers to my *screening questionnaire!* including my yes/no
answers to multiple medical conditions such as heart problems,
immunocompromise, seizures & other brain problems, and pregnancy.
So many things wrong here. This is almost enough information for
identity theft (lacking only SSN). It gives away LOTS of my medical
information. If I had a Gmail email address, Google would now have all
this information. What if I was a pregnant female in the southern USA
where Attorney Generals are starting to track state of pregnancy for
later prosecution if women go out-of-state for abortions or have a
suspicious (to them) miscarriage?
***How does CVS get away with this when smaller medical offices have to
be so careful?**
*
*Michael Reeder, LCPC
*#AI #EHR #medicalnotes #progressnotes #healthcare #patientportal #HIPAA
#dataprotection #infosec @infosec #doctors #hospitals #CVS
#COVID #sars-cov-2 #longcovid #severecovid#covidisnotover #pharmacy
#vaccine
.
.
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
.
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE:
http://subscribe-article-digests.clinicians-exchange.org
.
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
@reederm @infosec @PsychResearchBot CVS (and others, of course) get away with this because somewhere, at some time you probably didn't even notice and cannot recall, you checked a box or clicked a button attached to a few thousand words of scrollable legal language that gave them your permission to do so. And somewhere, buried in a labyrinth of menus, domain names, and subcontracted cloud-based CRM software, there is an option to un-check that box. A healthcare system, if we can keep it.
Bill -- Entirely possible that there was some sort of consent form to dump most of the medical data they have on me onto the Internet.
I'm a psychotherapist. The only form I have that comes close is a very clear form allowing clients who want PHI in our individual emails. I actively and clearly discourage this, instead directing them to an encrypted messaging portal for such conversations.
@reederm @infosec @PsychResearchBot It's actually enough information if you are the right person, considering all the large hacks recently. . . AT&T and others.