More about doctors and privacy
October 21, 2009 5:57 AM   Subscribe

What exactly can a doctor's office tell anyone who happens to pick up your phone?

I've recently come across couple of issues with doctor's offices and privacy. The first one was my mental health clinic, who dialed my home phone number. My boyfriend picked up and told them I wasn't home (I wasn't), and my mental health clinic said "well X therapist would like to make an appointment to see her." My bf doesn't live with me and they didn't even ask who he was when they left that message. I called them and said WTF, but they said that by providing them my home number, I authorized them to leave non-specific (i.e. no details about my care) messages there. I had no idea they were allowed to speak to anyone who answered the phone! Are they? (Note, I've since told them they are only allowed to call my cell phone number and they agreed.)

The other issue: My mom went to a specialist and specifically gave them only her cell phone number because she did not want them to give her test results to my dad. Specialist's office requested my mom to get her records from the general practitioner, which she provided. They pulled her home number off the GP's records and called the house. She went in to Specialist's office and explained that she was preparing to separate from my father and she did NOT want them calling him, they said, "well that will be a problem." Two days later they called when she wasn't home and told my dad the test results, when she explicitly told them not to. To me this is even worse than the first case because they did not leave a general message - they gave him test results! After she did not give them permission to and even specifically told them not to! Isn't that illegal?

When you go to a doctor's office, you usually have to fill out a form with the names of the people they may release information to. Why are the doctors' offices, then, not checking these forms and asking who they are speaking to when calling a phone number?
posted by anonymous to Health & Fitness (8 answers total) 2 users marked this as a favorite
 
I think you will find what you're looking for here:

http://www.hhs.gov/ocr/privacy/

and here:

http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html

There are some good quick fact PDF flyers at that one that address your question directly.

As for what you can do about it and what penalties are in place for violation of HIPPA, see here.
posted by zizzle at 6:14 AM on October 21, 2009


For the first item, they seem to be following the rule. Look at the Q&A part (page 6) of Incidental Uses and Disclosures Under HIPAA (PDF).
A covered entity also may leave a message with a family member or other person who answers the phone when the patient is not home. . . . However, to reasonably safeguard the individual’s privacy, covered entities should take care to limit the amount of information disclosed on the answering machine. For example, a covered entity might want to consider leaving only its name and number and other information necessary to confirm an appointment, or ask the individual to call back.
For the second item, the same document says:
In situations where a patient has requested that the covered entity communicate with him in a confidential manner, such as by alternative means or at an alternative location, the covered entity must accommodate that request, if reasonable.
("Covered entity" in both of these is the medical provider that falls under HIPAA)
posted by smackfu at 6:41 AM on October 21, 2009


When I worked at Memorial Sloan Kettering we were told not to say ANYTHING to anyone other than the patient or authorized caretakers. When we left messages with other people or even on voicemail, we were calling from Firstname Lastname's office and to please call us back. Not Dr. Lastname. Firstname Lastname. They should be saying the absolute bare minimum.

My medical group has automated appointment reminders that leave a message that I have an appointment with Dr. Lastname in Specialty. I hate that.

I can't believe they gave the test results to an unauthorized person over the phone. You should absolutely file a complaint with HIPAA and JCAHO. The HIPAA complaint may come to nothing, but the Joint Commission will come down on them like a ton of bricks.
posted by elsietheeel at 8:02 AM on October 21, 2009


My boyfriend picked up and told them I wasn't home (I wasn't), and my mental health clinic said "well X therapist would like to make an appointment to see her." My bf doesn't live with me and they didn't even ask who he was when they left that message.

I agree that it's not ideal, but are the alternatives any better?

I mean, if they phoned you and said "is that Anonymous?" anyone of the right gender could say "yes, that's me" and get the information.

Only calling cell phones is fine - until someone loses their phone. At least with a landline you know the person you're talking to has access to the patient's home.

And if every phone call started with the caller refusing to identify themselves or what they were calling about, I would think people would mistake them for telemarketing. I mean, if I got an anonymous voicemail asking me to call a number, I would suspect it was some sort of telesales or scam.

Needless to say, things like e-mail and text messages are right out - and if someone is in your house to answer your landline, they could also access your post.

I guess my point is, in the boyfriend case (not the test results case which is IMHO indefensible) the security isn't ideal, but I can't think of a way to improve the security without making the entire process a big hassle.
posted by Mike1024 at 10:10 AM on October 21, 2009


Our office also has a strict policy about phone calls. When calling and reaching someone other that the patient, the message is only: This is SLC Mom at Your Health Care Company in Big City. Please call me back at ##########.

My partner once left a voice mail message: This is So and So from the bone marrow transplant department, please call me back to schedule an appointment. It turned out that the patient had not yet told her teenager that Mom Has Cancer. Fortunately he did not hear the message, but he easily could have. She was furious. Policy is policy and rules are rules, but there is nothing like a hard-core chewing out by a patient to make medical people careful about leaving messages.
posted by SLC Mom at 11:23 AM on October 21, 2009


when i used to go planned parenthood

They still do this. In fact, the intake form specifically asks next to each phone number you give, whether they are allowed to leave a message at that number.

With your family, relatives, friends, or others you identify who are involved with your health care or your health care bills, unless you object

The key phrase here that is relevant to your mom's case is "unless you object". If you click through to the information for providers on the website linked above, they have a much more comprehensive guide for what a health care provider is and isn't allowed to tell family and friends here. Relevant to your mom's issue, it gives this example:

"A nurse may not discuss a patient’s condition with the patient’s brother after the patient has stated she does not want her family to know about her condition."

On the other hand, the info in that document makes it sound like what happened with YOUR provider on the phone with your boyfriend is not technically illegal, though it was certainly in very poor form. I'm in nursing school right now, and all the training we've received has said that we shouldn't communicate private information with anyone except the patient, without first obtaining express consent from the patient (though obviously this is relaxed if the patient is unconscious). If you write a strongly worded letter to your provider, I think they would make some changes.
posted by vytae at 12:52 PM on October 21, 2009


My 22 year old son and I have the same health care provider. They won't even let me make an appt. for him. They ID me (date of birth, address) when they call. If my sister answered the phone, she could fake it, so it isn't very robust, but better than your and your Mom's experiences.

Complain in writing to the medical practice. If you aren't satisfied, call the state Attorney General's Office and find out who else you should complain to.
posted by theora55 at 1:01 PM on October 21, 2009


this is kind of a derail, but i know that when i used to go planned parenthood, the contact info form has something like.... Is there a name you would like us to use when calling and leaving a message? so that way you could be like "oh yeah, that was sue....from work. she wanted me to cover her shift/come to happy hour/etc." i don't know if they still do that.

Like Vytae said, they still practice this. The local one always uses the name "Betty" even with numbers you authorize - "Hello, this is Betty, call me back at xxx-xxxx." They make sure you know this if you are expecting results.
posted by june made him a gemini at 3:22 PM on October 21, 2009


« Older How can I learn to read technical documents?   |   Berlin car sticker duplication? Newer »
This thread is closed to new comments.