Psychology news robots distributing from dozens of sources: clinicians-exchange.org
**Does HIPAA Even Exist for Large Corporations?**

I don't care if anyone knows I just got a COVID vaccine.  Most people
don't care.

However, CVS Pharmacy just sent me an after-visit report across
unencrypted Internet to my email address.

The form included such fields as:
-- My Full Name
-- **DATE OF BIRTH!**
-- My Full Home Address
-- Medication Administered
-- Date and Time of Appointment
-- Name of Pharmacist I saw
-- Name of Doctor at CVS overseeing it all
-- Name and Address of my Primary Care Doctor

Also:
-- All the answers to my *screening questionnaire!* including my yes/no
answers to multiple medical conditions such as heart problems,
immunocompromise, seizures & other brain problems, and pregnancy.

So many things wrong here.  This is almost enough information for
identity theft (lacking only SSN).  It gives away LOTS of my medical
information.  If I had a Gmail email address, Google would now have all
this information.  What if I was a pregnant female in the southern USA
where Attorneys General are starting to track state of pregnancy for
later prosecution if women go out-of-state for abortions or have a
suspicious (to them) miscarriage?

**How does CVS get away with this when smaller medical offices have to
be so careful?**

*Michael Reeder, LCPC*

@infosec
-cov-2 #covidisnotover


@reederm @infosec @PsychResearchBot It's actually enough information if you are the right person, considering all the large hacks recently. . . AT&T and others.

@reederm @infosec @PsychResearchBot CVS (and others, of course) get away with this because somewhere, at some time you probably didn't even notice and cannot recall, you checked a box or clicked a button attached to a few thousand words of scrollable legal language that gave them your permission to do so. And somewhere, buried in a labyrinth of menus, domain names, and subcontracted cloud-based CRM software, there is an option to un-check that box. A healthcare system, if we can keep it.

Bill -- Entirely possible that there was some sort of consent form to dump most of the medical data they have on me onto the Internet.

I'm a psychotherapist. The only form I have that comes close is a very clear form allowing clients who want PHI in our individual emails. I actively and clearly discourage this, instead directing them to an encrypted messaging portal for such conversations.

@wcbdata @infosec @PsychResearchBot
