<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:admin="http://webns.net/mvcb/"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
	<channel>
	  <title>Ask MetaFilter questions tagged with hipaa</title>
      <link>http://ask.metafilter.com/tags/hipaa</link>
      <description>Questions tagged with 'hipaa' at Ask MetaFilter.</description>
	  <pubDate>Mon, 19 Nov 2012 20:41:23 -0800</pubDate> <lastBuildDate>Mon, 19 Nov 2012 20:41:23 -0800</lastBuildDate>

      <language>en-us</language>
	  <docs>http://blogs.law.harvard.edu/tech/rss</docs>
	  <ttl>60</ttl>	  
	<item>
	<title>What can I do to stop my company from forcing us to use vacation time to visit the doctor?</title>
	<link>http://ask.metafilter.com/229261/What%2Dcan%2DI%2Ddo%2Dto%2Dstop%2Dmy%2Dcompany%2Dfrom%2Dforcing%2Dus%2Dto%2Duse%2Dvacation%2Dtime%2Dto%2Dvisit%2Dthe%2Ddoctor</link>	
	<description>My organization is forcing us to use vacation time instead of sick leave to visit the doctor. YANML, but is this actually legal? What can we do to get them to change this policy? I work for a medium-sized multinational organization, with an office in New York. Recently they instituted a new rule that says that if you want to take off time to see a doctor for something other than an emergency, you have to use vacation time (of which we only get 12 days a year); only emergencies or necessary treatments are covered by actual sick leave (of which we get 7 days a year).&lt;br&gt;
&lt;br&gt;
Further, on the form to request off time, you need to explain why you&apos;re going to the doctor and it has to be for only &quot;emergencies.&quot; Their reasoning is that if you&apos;re physically capable of coming to the office, then your condition is not severe enough to count as &quot;sick leave,&quot; so you need to prove that you did, in fact, have a true emergency. This seems exceedingly unfair, not to mention a likely violation of HIPAA and/or FMLA. I know you&apos;re not my lawyer and all that, but has anyone dealt with this sort of thing? Do we have any recourse? Are there any relevant laws or rulings that I can bring to my employer to get them to back off?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.229261</guid>
	<pubDate>Mon, 19 Nov 2012 20:41:23 -0800</pubDate>
	<category>fmla</category>
	<category>hipaa</category>
	<category>medical</category>
	<category>sickleave</category>
	<category>vacation</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>HIPAranoia....</title>
	<link>http://ask.metafilter.com/227435/HIPAranoia</link>	
	<description>PrivacyParanoiaFilter: My employer offers a discount on my health insurance if my spouse and I take a Health Risk Assessment (HRA).  I get the idea, but are there any downsides privacy-wise that they&apos;re not telling you? So I&apos;m starting with a new company and the health insurance offered by the company has an HRA option.  If my spouse and I take the survey, they&apos;ll knock something like $12 off my monthly premium.  It&apos;s not that big a savings, but H/R encourages everyone to do it.  I know by law they can&apos;t require it.&lt;br&gt;
&lt;br&gt;
I get the idea that the insurance company wants a better idea of the physical makeup of the group.  There&apos;s nothing extraordinary in the assessment: tell us your height/weight/BMI, guess your blood pressure, do you smoke, exercise, how much alcohol do you consume, etc.&lt;br&gt;
&lt;br&gt;
But TANSTAAFL.  Something in my gut says that you&apos;re giving away more than what the $12 is worth.  Is this an end-run around HIPAA so insurers can get some insight into your details?  I&apos;m sure there&apos;s a privacy statement in here somewhere, and we don&apos;t really have anything medically to hide, but I just get a quirky feeling about it.  Anyone else paranoid like me?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.227435</guid>
	<pubDate>Thu, 25 Oct 2012 06:58:25 -0800</pubDate>
	<category>health</category>
	<category>HIPAA</category>
	<category>insurance</category>
	<category>paranoia</category>
	<dc:creator>JoeZydeco</dc:creator>
	</item>
	<item>
	<title>Pick up medical records on changing providers?</title>
	<link>http://ask.metafilter.com/221810/Pick%2Dup%2Dmedical%2Drecords%2Don%2Dchanging%2Dproviders</link>	
	<description>I recently changed jobs--and health insurance providers.  As a result I need to change dentists (and possibly GPs).  I am in good health--should I bother collecting my dental/medical records and giving them to the new doctors?  I am entitled to them under HIPAA, right? I don&apos;t think there&apos;s anything I&apos;m particularly concerned about getting continuity of care for--no chronic illnesses or whatever.  But, in the case of the dental records, for instance, my X-rays would presumably be included, and that might show whether something is a cavity or a pit in the sealant I had on my molars.  Would they be helpful to my next dentist (maybe)?  Would my historical normal bloodwork be useful to a new GP--beyond me just saying, &quot;I have had blood tests and the last guy said everything was normal&quot;?&lt;br&gt;
&lt;br&gt;
How is this done in this modern world--do they email you an archive, or do you pick up original x-rays etc.?&lt;br&gt;
&lt;br&gt;
Any other pitfalls or best practices?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.221810</guid>
	<pubDate>Wed, 08 Aug 2012 11:39:49 -0800</pubDate>
	<category>dentalrecords</category>
	<category>hipaa</category>
	<category>insurance</category>
	<category>medicalrecords</category>
	<category>newjob</category>
	<category>xrays</category>
	<dc:creator>Admiral Haddock</dc:creator>
	</item>
	<item>
	<title>Why do potential employers need access to past, present, and future health records?</title>
	<link>http://ask.metafilter.com/218399/Why%2Ddo%2Dpotential%2Demployers%2Dneed%2Daccess%2Dto%2Dpast%2Dpresent%2Dand%2Dfuture%2Dhealth%2Drecords</link>	
	<description>Why do prospective employers ask for access to past, current, and future health records? And can one decline? Several employment applications have the following statement:&lt;br&gt;
&lt;br&gt;
&quot;I expressly waive all provisions of law prohibiting any physician, person, hospital or other institution that has or may hereafter attend or furnish me with treatment from disclosing to the Company any knowledge or information thereby acquired.&quot;&lt;br&gt;
&lt;br&gt;
Why do they need this information? It seems excessive and possibly illegal--can one decline to provide them with it? Assume the position has no special physical or health requirements but is an office job.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.218399</guid>
	<pubDate>Sat, 23 Jun 2012 05:59:27 -0800</pubDate>
	<category>employmentapplication</category>
	<category>health</category>
	<category>hipaa</category>
	<dc:creator>agent99</dc:creator>
	</item>
	<item>
	<title>Privacy violations in an ER?</title>
	<link>http://ask.metafilter.com/216354/Privacy%2Dviolations%2Din%2Dan%2DER</link>	
	<description>Recently I had to spend a few hours in a psychiatric emergency waiting room where none of the staff seemed to have any consideration for the privacy of the patients being triaged there. Are any of the things I experienced violations of HIPAA or the like, and if so, what, if anything, would you do about them? (Details inside.) These things happened:&lt;br&gt;
&lt;br&gt;
1. The first waiting room was next to the initial triage room where patients were briefly interviewed, had their vitals taken, etc. The glass between these rooms must have been paper thin, because I heard every single thing every patient in there said.&lt;br&gt;
&lt;br&gt;
2. While I was being interviewed, the charge nurse was interrupted several times by a subordinate. He asked questions about patients using their first AND last names. At no time during any of my interviews was the door shut.&lt;br&gt;
&lt;br&gt;
3. One patient was doing her intake interview &lt;em&gt;in the hallway&lt;/em&gt; outside one of the waiting rooms. There were a number of vacant rooms, so it seemed a bit weird to do pre-counseling in the hallway.&lt;br&gt;
&lt;br&gt;
4. Another patient had her intake data taken IN the waiting room. Full name, home address, why she was there, where she worked--all right there in the corner while she cried in her pajamas.&lt;br&gt;
&lt;br&gt;
Am I weird for thinking this is way over the top? Should I do something about it, and if so, what?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.216354</guid>
	<pubDate>Sun, 27 May 2012 01:49:08 -0800</pubDate>
	<category>hipaa</category>
	<category>privacy</category>
	<category>resolved</category>
	<dc:creator>xyzzy</dc:creator>
	</item>
	<item>
	<title>Am I going to be booked for HIPAA violations?</title>
	<link>http://ask.metafilter.com/213080/Am%2DI%2Dgoing%2Dto%2Dbe%2Dbooked%2Dfor%2DHIPPA%2Dviolations</link>	
	<description>Part of my job involves conducting phone surveys for public health/medical research. My employer wants me to start using the Emergency Contact info in the electronic health record to increase our response rate. This weirds me out. Help! I&apos;m a research assistant for a group working at a children&apos;s hospital. Part of my job involves calling people and asking them to do follow-up surveys. My success has been limited, and my boss, a physician at the hospital, told me to call the people listed as Emergency Contacts in the electronic health record and ask for an updated phone number for the subjects. I said I wasn&apos;t comfortable doing it, and that if I, as someone&apos;s emergency contact, was called about something like this, I&apos;d be really freaked out. Some of the parents I&apos;ve talked to have been worried by my calls, and they were the ones to sign the consent forms, so I imagine the reaction from the ECs to be even worse. (I.e., &quot;Oh my God, what&apos;s wrong? Is she okay? Do I need to come to the hospital?&quot;) My boss brushed me off, saying that it was fine, and that the emergency contacts were used to stuff like this because, as part of a low-income community, their family members are often moving/ gaining and losing phone service.&lt;br&gt;
&lt;br&gt;
This still squicks me out, and more importantly it seems like it might be a HIPAA violation, especially if I stick to the script and identify myself as being from the Center for Scurvy* Research and I&apos;m calling because a year ago, Child&apos;s Parent agreed to participate in a survey about Child&apos;s scurvy.&lt;br&gt;
&lt;br&gt;
How do I address these concerns? Do I go to HR? The IRB? Is there a relevant section of HIPAA law that addresses a situation like this? Or am I beanplating it, and should I just do as my boss says?&lt;br&gt;
&lt;br&gt;
*Not actually what we study.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.213080</guid>
	<pubDate>Mon, 16 Apr 2012 14:34:33 -0800</pubDate>
	<category>healthcare</category>
	<category>hipaa</category>
	<category>moraldilemma</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Can a US employer ask what medications I&apos;m on?</title>
	<link>http://ask.metafilter.com/208347/Can%2Da%2DUS%2Demployer%2Dask%2Dwhat%2Dmedications%2DIm%2Don</link>	
	<description>An employer decides to update their employee database and distributes a form with the usual name, address, emergency contact stuff on it. There is also a line for &quot;Any medications you are currently taking.&quot; It&apos;s not clear or implied that the answer will affect employment, but it&apos;s not clear that it won&apos;t either. Filling the form is a requirement for getting the employee&apos;s paycheck. Some of the employees at this company operate machines. The company has a random drug testing policy in effect. Public safety is not a concern; we&apos;re not talking about pilots or bus drivers or anything like that.&lt;br&gt;
&lt;br&gt;
Can a company in the US ask what medications their employees are taking?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2012:site.208347</guid>
	<pubDate>Thu, 16 Feb 2012 07:55:17 -0800</pubDate>
	<category>employer</category>
	<category>health</category>
	<category>HIPAA</category>
	<category>medication</category>
	<category>privacy</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>How to remotely access a doctor&apos;s office&apos;s files?</title>
	<link>http://ask.metafilter.com/200515/How%2Dto%2Dremotely%2Daccess%2Da%2Ddoctors%2Doffices%2Dfiles</link>	
	<description>I am looking for advice to come up with a technological solution for a physician&#8217;s office in NB, Canada.  The scenario is that I would like patient files to be accessible remotely while still satisfying health privacy laws (PIPEDA), especially the part about patient records having to be stored in Canada. I&#8217;m not really trying to use you all for free business advice.  I am willing to pay someone to help me figure out this problem but I&#8217;m at a loss for how to find such a person - Yellow Pages computing services?  I don&#8217;t have much of a technology background: I&#8217;m a little familiar with using VPNs, SSH and FTP in a university setting and that&#8217;s about it.  &lt;br&gt;
&lt;br&gt;
All the computers involved use Windows Vista or 7.  For word processors, either Microsoft Word 2007 or 2010 or Google Docs (see below).  I&#8217;m only concerned with documents and maybe PDFs.  &lt;br&gt;
&lt;br&gt;
I have seen &lt;a href=&quot;http://ask.metafilter.com/164300/Secure-remote-access-to-home-PC&quot;&gt;this&lt;/a&gt; question asked from a private home perspective.  &lt;br&gt;
&lt;br&gt;
Here are the possible solutions I&#8217;ve come up with so far but feel free to suggest a better idea.&lt;br&gt;
&lt;br&gt;
&lt;a href=&quot;http://www.dlink.com/products/?pid=509&quot;&gt;D-Link DNS-323&lt;/a&gt;&lt;br&gt;
&lt;br&gt;
The idea of having a firewall, punching a hole in it and then accessing it remotely using a password theoretically makes sense to me but I would need help setting it up.   How do I find someone?  Otherwise, this does seem like the simplest idea.  If you have any recommendations for version control with Microsoft Word 2010, they would be appreciated.  I have tried googling and got several options.  What is the best backup solution for this scenario?&lt;br&gt;
&lt;br&gt;
&lt;strong&gt;Secure VPN&lt;/strong&gt;&lt;br&gt;
&lt;br&gt;
I only understand the basic idea; I have no idea about how to get it set-up and the security concerns.&lt;br&gt;
&lt;br&gt;
&lt;strong&gt;Google Docs&lt;/strong&gt;&lt;br&gt;
&lt;br&gt;
The pros are: intuitive, don&#8217;t need someone tech savvy to set it up; we&apos;ve already started using Google Docs for non-confidential documents; I like Google Docs revision history and ease for multiple users&lt;br&gt;
&lt;br&gt;
The cons:  Health Privacy concerns: encryption and health records must be stored in Canada.  One possible solution is &lt;a href=&quot;http://www.perspecsys.com/&quot;&gt;Perspecsys&lt;/a&gt;, which interfaces between, say, Google Docs and us.  However, they don&#8217;t currently offer a small office version and won&#8217;t until 2nd quarter of 2012  &lt;br&gt;
&lt;br&gt;
&lt;strong&gt;Microsoft Sharepoint&lt;/strong&gt;&lt;br&gt;
&lt;br&gt;
Googling found me this about Microsoft Sharepoint for doctors&#8217; offices.  Concerns are still that we need a Canadian-based server.  Parts of it seem like overkill, such as the Human Resources and General Discussion sections.&lt;br&gt;
&lt;br&gt;
Thanks!</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.200515</guid>
	<pubDate>Wed, 09 Nov 2011 11:25:20 -0800</pubDate>
	<category>Canada</category>
	<category>cloud</category>
	<category>cloudcomputing</category>
	<category>doctor</category>
	<category>ftp</category>
	<category>HIPAA</category>
	<category>NB</category>
	<category>office</category>
	<category>physician</category>
	<category>PIPEDA</category>
	<category>privacy</category>
	<category>remote</category>
	<category>remoteacces</category>
	<category>security</category>
	<category>sharepoint</category>
	<category>ssh</category>
	<category>vpn</category>
	<dc:creator>carolr</dc:creator>
	</item>
	<item>
	<title>My brother needs his knee fixed but can&apos;t pay for it.</title>
	<link>http://ask.metafilter.com/199398/My%2Dbrother%2Dneeds%2Dhis%2Dknee%2Dfixed%2Dbut%2Dcant%2Dpay%2Dfor%2Dit</link>	
	<description>My brother was scheduled to have knee surgery, but has just lost insurance coverage. How can I help him? tldr: &lt;b&gt;My 21-year old younger brother needs knee surgery, has no money, and his insurance coverage ended 12 days ago. He lives in MI, USA. How can I make this happen for him?&lt;/b&gt;&lt;br&gt;
&lt;br&gt;
details:&lt;br&gt;
&lt;br&gt;
My younger brother is 21 years old. He has some kind of...thing, in his knee that has been causing him constant pain. I&apos;m sorry I don&apos;t know the details - it could be a tumor, bone fragment... I don&apos;t know. I do know that doctors don&apos;t believe it to be malignant or life-threatening. But it makes it difficult for him to stand or walk or enjoy life, and it&apos;s been getting gradually worse for the past few months.&lt;br&gt;
&lt;br&gt;
He was scheduled to undergo surgery to fix this problem tomorrow, October 27. Unfortunately, he cancelled his appointment because he recently lost health coverage. He was covered under my father&apos;s health plan. But my father lost his job on October 14. For a while it looked like my father&apos;s health insurance would continue until the end of the month, but we recently got confirmation that his coverage ended on October 15, the day after he was let go.&lt;br&gt;
&lt;br&gt;
My brother is very upset that he will not be able to have this problem corrected. He works part-time at a retail establishment; his job requires him to be on his feet all day. This has become very difficult for him in his current condition. His employer does offer health insurance, and his new insurance kicks in in another week or so. However it is very minimal insurance. It looks like their coverage for surgical procedures is only $400 per year! My Mom estimates that the base cost for the surgery is upwards of $10,000, so my brother&apos;s insurance wouldn&apos;t make a very big dent in that.&lt;br&gt;
&lt;br&gt;
My parents are exploring their options - they mentioned applying for Medicare. My Dad could theoretically get COBRA, but there&apos;s no way they could afford it. My parents are in bankruptcy right now and have no money and no income. The family&apos;s doing our best to keep them housed and fed while my dad looks for a new job.&lt;br&gt;
&lt;br&gt;
&lt;b&gt;I would like to intervene and make this surgery happen for my brother. How can I do that?&lt;/b&gt;&lt;br&gt;
&lt;br&gt;
I am reasonably stable in my current condition. I am employed full-time and do not live with my parents and the rest of my family. I know there&apos;s never any guarantees, but my job looks to be as stable as a job can be right now. I am far from rich, but I have enough money to pay for my own expenses, plus a little extra. I&apos;m already giving my parents all the monetary support my income allows while my dad looks for another job, but I&apos;m willing to get into a little bit more debt if it helps my brother out. I don&apos;t think I can get a multi-thousand dollar loan right now though, because I already have a fairly high debt-to-income ratio (the last time I applied for credit I was declined for this reason). I&apos;m willing to try though.&lt;br&gt;
&lt;br&gt;
What are my options here? One thing that came to mind is that I could have my brother get an individual insurance policy, and I could pay the premiums. I was looking at &lt;a href=&quot;http://www.bcbsm.com/myblue/ppo-young-adult-blue-max.shtml&quot;&gt;this plan, for example&lt;/a&gt;. It covers surgery 70% in-network with an annual out-of-pocket maximum of $3500. It says pre-existing conditions aren&apos;t covered for the first 180 days. But my understanding is that you can get around that if the gap between the new coverage and your previous coverage is less than 63 days. Is that correct? However, I realize that we might still be talking about me paying $3500+$200/month for this, and I&apos;m not sure I can come up with that money. Also, I&apos;m not sure how something like this would interact with his work-sponsored plan that has a $400 limit. Do they stack up so that the first plan would pay $400 and the second plan would pay the rest? Can you even have 2 health care plans?&lt;br&gt;
&lt;br&gt;
I really don&apos;t know what I can do here, but I want to do &lt;em&gt;something&lt;/em&gt;. Any suggestions?&lt;br&gt;
&lt;br&gt;
My brother lives in Michigan, USA.&lt;br&gt;
&lt;br&gt;
Thanks Mefites.&lt;br&gt;
</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.199398</guid>
	<pubDate>Wed, 26 Oct 2011 10:35:50 -0800</pubDate>
	<category>bankruptcy</category>
	<category>family</category>
	<category>health</category>
	<category>healthcare</category>
	<category>healthinsurance</category>
	<category>hipaa</category>
	<category>insurance</category>
	<category>resolved</category>
	<dc:creator>Vorteks</dc:creator>
	</item>
	<item>
	<title>Which is safer: University IT or cloud-based contact hosting?</title>
	<link>http://ask.metafilter.com/198929/Which%2Dis%2Dsafer%2DUniversity%2DIT%2Dor%2Dcloudbased%2Dcontact%2Dhosting</link>	
	<description>Which hosted system is likely to be more secure: A custom-coded database with a web-based front-end coded by an independent coder for $10k and hosted and maintained by a major university, or a small cloud-based provider with several clients who hosts contact data and whose system is set up to accept credit card payments and store other financial information? I realize that the real answer is likely to be that individual coding practices and security assessments vary depending on the individuals involved, and that answering this in the abstract is somewhat of an academic exercise.  And to be really sure, you would need code audits and penetration testing.&lt;br&gt;
&lt;br&gt;
In the contemplated scenario, we would be collecting and hosting HIPAA-protected personal data for research purposes.  Solution #1 is an out-of-the-box, cloud-based solution used by many nonprofits for managing their contact lists and tracking and processing donations.  Solution #1 accepts credit card donations online and stores some of this information, so it is presumably PCI DSS compliant (we are verifying).  They have numerous clients and are fairly well-known in the nonprofit space.&lt;br&gt;
&lt;br&gt;
Solution #2 is a custom-built SQL database, which we have a bid for $10k by a solo developer.  The system would be hosted by a major university, but it is unclear to me what type of code review the University&apos;s internal IT protocols require before running the custom-coded app.  The University&apos;s research systems and existing servers are HIPAA HITECH compliant.  Presumably as part of the hosting the University would patch the servers, but we&apos;d have to pay separately for maintenance of the custom code.  &lt;br&gt;
&lt;br&gt;
My gut reaction was that the commercial shop (which is presumably PCI DSS compliant) is inherently more secure than the independent coder, because the University would be maintaining and hosting someone else&apos;s code and that the commercial shop is more likely to spot vulnerabilities in their own code base.  &lt;br&gt;
&lt;br&gt;
But when I was trying to explain my position to laypeople with no experience with security issues, they thought I was crazy and asserted that a University-vetted and maintained system would be inherently more secure than a commercial setup, because the University, by the nature of its business, had more experience with security.  &lt;br&gt;
&lt;br&gt;
Am I right?  What other security issues should I be aware of?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.198929</guid>
	<pubDate>Thu, 20 Oct 2011 04:10:29 -0800</pubDate>
	<category>hipaa</category>
	<category>hipaahitech</category>
	<category>pcidss</category>
	<category>security</category>
	<category>securityassessment</category>
	<category>vulnerability</category>
	<dc:creator>QuantumMeruit</dc:creator>
	</item>
	<item>
	<title>Supervisor revealed secret pregnancy: any recourse?</title>
	<link>http://ask.metafilter.com/197218/Supervisor%2Drevealed%2Dsecret%2Dpregnancy%2Dany%2Drecourse</link>	
	<description>Supervisor revealed secret pregnancy: any recourse? So I have this friend who has an unplanned pregnancy. After she was a few weeks along she told her supervisor in case she needed to miss work for morning sickness or doctor&apos;s appointments. Well, needless to say, her supervisor spread the news among all her co-workers and even started telling clients. She lives in a very conservative Bible Belt area of the US where unmarried mothers are frowned on so everyone is gossiping behind her back and being very hurtful. Also, she had just started dating the guy so that has made the gossip even worse. I was wondering if she has any legal recourse? Is there any law that prevents employers from revealing medical information? Would HIPAA apply in this case? She works for a large corporation if that is relevant.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.197218</guid>
	<pubDate>Thu, 29 Sep 2011 06:55:27 -0800</pubDate>
	<category>HIPAA</category>
	<category>pregnancy</category>
	<category>privacy</category>
	<category>work</category>
	<category>workplace</category>
	<dc:creator>jihaan</dc:creator>
	</item>
	<item>
	<title>How can I insure my spouse on the private market?</title>
	<link>http://ask.metafilter.com/185792/How%2Dcan%2DI%2Dinsure%2Dmy%2Dspouse%2Don%2Dthe%2Dprivate%2Dmarket</link>	
	<description>I&apos;m going nuts trying to figure out the rules on how to get my spouse on an individual high-deductible health plan when coverage is theoretically available through my employer. The internet is useless. Can the hive mind help me here? Here&apos;s the situation: New employer, Rhode Island. Married with no kids, spouse does not have an employer that provides health coverage. My new company heavily subsidizes individual health insurance but only pays 50% of the premium for a family plan (and &quot;individual+1&quot; is not offered). We could save about $400 a month by enrolling me as an individual in my employer&apos;s plan and covering my wife on the private market.&lt;br&gt;
&lt;br&gt;
Here&apos;s the problem: Blue Cross is the only insurer providing individual coverage in RI. The eligibility guidelines state: &quot;You are eligible to apply for coverage under this agreement if . . . you are not eligible for employer-sponsored group coverage or similar coverage.&quot;&lt;br&gt;
&lt;br&gt;
This is consistent with HIPAA and with rules of other states that I&apos;ve seen while poking around the web.&lt;br&gt;
&lt;br&gt;
I don&apos;t want to be stuck with an expensive family plan that I don&apos;t need. I&apos;m willing to put my spouse on a catastrophic plan and pay full price up to whatever deductible makes sense. But that doesn&apos;t seem to be a legitimate option here. Has anyone been in this situation? What can I do?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.185792</guid>
	<pubDate>Fri, 13 May 2011 09:45:06 -0800</pubDate>
	<category>health</category>
	<category>hipaa</category>
	<category>insurance</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Unencrypted data violation</title>
	<link>http://ask.metafilter.com/182153/Unencrypted%2Ddata%2Dviolation</link>	
	<description>Insurance data is unencrypted. Should this be reported? How? The insurance management company that handles our plans has a website for administration. This website is where the reports are located along with plan information. There is a section to upload files for forms or other information necessary in managing insurance/FSA/HSA plans. This information would include social security numbers, names, birth dates, addresses, etc.&lt;br&gt;
&lt;br&gt;
This website is &lt;b&gt;not&lt;/b&gt; encrypted as far as I can tell (HTTP:// address, no padlock to click on for an SSL certificate) - not even for the uploading of files.&lt;br&gt;
&lt;br&gt;
Do I report them for this? How and to whom? Thanks in advance.&lt;br&gt;
&lt;br&gt;
Let&apos;s say the states affected are Minnesota, Iowa, and Missouri. Let&apos;s also say that customer service doesn&apos;t seem to see the problem.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.182153</guid>
	<pubDate>Wed, 30 Mar 2011 09:51:43 -0800</pubDate>
	<category>dataprivacy</category>
	<category>encryption</category>
	<category>HIPAA</category>
	<category>privacy</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Help me find out what my shrink really thinks.</title>
	<link>http://ask.metafilter.com/177262/Help%2Dme%2Dfind%2Dout%2Dwhat%2Dmy%2Dshrink%2Dreally%2Dthinks</link>	
	<description>I&apos;m going to be requesting my psychiatric records; what should I know beforehand? I understand that under HIPAA (I&apos;m in the US) I don&apos;t have the right to see therapy notes and that my doctor may refuse me access to other records on the grounds that seeing them would be harmful to me. The details of how this works in practice are fuzzy to me. &lt;br&gt;
&lt;br&gt;
I suspect my pdoc is not going to be super eager to turn my records over. I&apos;d appreciate accounts of how this works in practice. Have you made a similar request? How did it go? Were you able to see your case write-up or just bare bones diagnosis information, etc.? Did you have to appeal?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2011:site.177262</guid>
	<pubDate>Mon, 31 Jan 2011 18:27:31 -0800</pubDate>
	<category>access</category>
	<category>hipaa</category>
	<category>psychiatric</category>
	<category>records</category>
	<dc:creator>reren</dc:creator>
	</item>
	<item>
	<title>Received someone else&apos;s medical bill</title>
	<link>http://ask.metafilter.com/154752/Received%2Dsomeone%2Delses%2Dmedical%2Dbill</link>	
	<description>I received  someone else&apos;s medical statement with lots of personal information to boot. What do I do next? I have visited a psychotherapist on several occasions, whose office is part of a larger hospital that also handles the billing. I pay my therapist at the time of the visit, and the hospital later sends me a statement.&lt;br&gt;
&lt;br&gt;
Yesterday, I received an envelope that was addressed to me, but inside was someone else&#8217;s statement!&lt;br&gt;
&lt;br&gt;
The statement includes someone else&#8217;s entire list of visits since the beginning of the year, as well as their name, address, phone number, date of birth, and what looks like a social security number. (There is a field that is labeled &#8220;IRS #&#8221;, is the correct number of digits, and the first three digits match the SSN prefix range for a bordering state.)&lt;br&gt;
&lt;br&gt;
Furthermore, I searched for the person&#8217;s name online, and someone with the same name, age, and town with a population of under 40,000 was arrested on burglary charges last year. My therapist specializes in substance abuse and addiction, though that is not why I go.&lt;br&gt;
&lt;br&gt;
I&#8217;m obviously worried that this person or someone else received my statement with the same set of information that violates my privacy and opens me up to identity theft.&lt;br&gt;
&lt;br&gt;
I&#8217;m already going to get in touch with a lawyer that specializes in HIPAA law. I&#8217;m going to be watching my credit report more closely now. I haven&#8217;t gotten in touch with the hospital or my therapist about it yet. Is there anything else I should be doing?&lt;br&gt;
&lt;br&gt;
I live in New Jersey, as does the other patient. The hospital is located in New York.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2010:site.154752</guid>
	<pubDate>Mon, 24 May 2010 10:19:35 -0800</pubDate>
	<category>hipaa</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>How to disclose HIPAA violation in nursing school application?</title>
	<link>http://ask.metafilter.com/146845/How%2Dto%2Ddisclose%2DHIPAA%2Dviolation%2Din%2Dnursing%2Dschool%2Dapplication</link>	
	<description>In the early years of HIPAA, I didn&apos;t take it as seriously as I should have and was fired from a clerical position when I looked up a co-worker&apos;s date of birth. I was wrong and a total dumb ass for doing it. Now, I would like to know what I should say about it in my nursing school application since clinical hours include hours at the hospital I was fired from. I may not get into nursing school, but I would like to try. I&apos;ve been working as a medication aide at a group home for 19 years (worked it concurrently with the hospital clerical job). I don&apos;t violate ethics as a rule, and it was a one-time violation. &lt;br&gt;
&lt;br&gt;
I would like to maximize my chances of getting into nursing school, but I want to be honest about this. Please give me your suggestions on how to handle this. Thank you.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2010:site.146845</guid>
	<pubDate>Wed, 24 Feb 2010 10:59:45 -0800</pubDate>
	<category>hipaa</category>
	<category>nursing</category>
	<category>school</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Should I be concerned about my insurance company asking for my HIPAA Certificate?</title>
	<link>http://ask.metafilter.com/141395/Should%2DI%2Dbe%2Dconcerned%2Dabout%2Dmy%2Dinsurance%2Dcompany%2Dasking%2Dfor%2Dmy%2DHIPAA%2DCertificate</link>	
	<description>I received a letter from my new health insurance company stating &quot;they have received a claim for an illness that could be related to a pre-existing condition.&quot; What now? The letter further explains &quot;because your plan has a pre existing condition limitation I am required to provide a HIPAA certificate.&quot;&lt;br&gt;
&lt;br&gt;
Some backstory: I have been seeing a therapist for depression/ADD/anxiety and have been prescribed many Rx as we try and find the right combination for me. This started under my previous insurance about eight months ago.&lt;br&gt;
&lt;br&gt;
I can provide my current insurance provider a HIPAA certificate from my previous ins. company, that&apos;s no problem. But for some reason this situation is setting off alarm bells and has me concerned. Is there anything I should be doing besides sending the HIPAA certificate?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.141395</guid>
	<pubDate>Wed, 23 Dec 2009 07:20:57 -0800</pubDate>
	<category>healthinsurance</category>
	<category>hipaa</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>HR-Filter: How does the temp agency you work for store its secure documents?</title>
	<link>http://ask.metafilter.com/141212/HRFilter%2DHow%2Ddoes%2Dthe%2Dtemp%2Dagency%2Dyou%2Dwork%2Dfor%2Dstore%2Dits%2Dsecure%2Ddocuments</link>	
	<description>Document Imaging/HR-Filter: How does your large company store its secure documents? Okay, so I work on the admin end of a temp agency (i.e. not as a temp.) I&apos;m in charge of document imaging. Rather, I&apos;m in charge of creating a document imaging infrastructure. My boss said I can purchase any software I need so that we may retain the documents the temps fill in when they register. We have a lot of registered temps/day (&amp;gt;100) but this is a small non-profit with a limited budget, so software over a couple of thousand is out of the question. Bonuses for software companies w/ discounts for non-profits. Getting a consultant for this or speaking to a lawyer regarding any of these matters is also out of the question.&lt;br&gt;
&lt;br&gt;
So, what system do you recommend for retention of &lt;b&gt;Federal (I-9/W4) and HIPAA documents&lt;/b&gt;? By the rules, it has to be secure and able to track all reads and writes of/to the scanned documents. &lt;br&gt;
&lt;br&gt;
I don&apos;t really need indexing software because we don&apos;t have an industrial scanner and because all incoming files are checked by hand.&lt;br&gt;
&lt;br&gt;
Finally, if you have a company in NYC that has such a system set up, I would have no problem showing up to your offices for a tour. In fact, I&apos;ll take you out to lunch or something for the privilege. &lt;small&gt;(Mods, please delete this request if it is against the rules)&lt;/small&gt;</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.141212</guid>
	<pubDate>Mon, 21 Dec 2009 05:56:46 -0800</pubDate>
	<category>document</category>
	<category>HIPAA</category>
	<category>HR</category>
	<category>I-9</category>
	<category>imaging</category>
	<dc:creator>griphus</dc:creator>
	</item>
	<item>
	<title>Can I phone-verify an employee&apos;s doctor appointment?</title>
	<link>http://ask.metafilter.com/136640/Can%2DI%2Dphoneverify%2Dand%2Demployees%2Ddoctor%2Dappointment</link>	
	<description>Can I, as a supervisor, call an employee&apos;s doctor to verify that said employee was actually seen on a certain date? It was mentioned to this employee that his number of unexcused absences was starting to creep up, though not enough to trigger any disciplinary action. Just a heads-up. So the next day he provides doctor&apos;s notes for all his previously unexcused absences, the earliest of which was in July. All these notes are dated the same day - October 22.&lt;br&gt;
&lt;br&gt;
The weird thing is that there were two absences on consecutive days, and he brought a separate note for each. I smell a rat, but I&apos;m wary of a potential HIPAA violation.&lt;br&gt;
&lt;br&gt;
So since the employee and his doctor have already provided this information, can I just call the office to verify that it&apos;s true? I couldn&apos;t care less about any diagnoses or treatments or anything - I just want to know if he was really there.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.136640</guid>
	<pubDate>Wed, 28 Oct 2009 05:36:56 -0800</pubDate>
	<category>Employment</category>
	<category>HIPAA</category>
	<category>HumanResources</category>
	<dc:creator>Shohn</dc:creator>
	</item>
	<item>
	<title>Can employers tell people when employees are sick?</title>
	<link>http://ask.metafilter.com/136578/Can%2Demployers%2Dtell%2Dpeople%2Dwhen%2Demployees%2Dare%2Dsick</link>	
	<description>My employer just asked us to contact HR if any of our employees are diagnosed with H1N1 flu.  Is this allowable under HIPAA? It was kind of a weird email that came not from HR-on-high, but from a local HR manager.  Are managers even allowed to ask this question?  If they come across it somehow (&quot;hey boss, I have pig flu, be back in a week&quot;), can they pass it along?  I don&apos;t know HIPAA that well, but this seems to be a violation...</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.136578</guid>
	<pubDate>Tue, 27 Oct 2009 11:45:19 -0800</pubDate>
	<category>flu</category>
	<category>h1n1</category>
	<category>health</category>
	<category>hipaa</category>
	<category>pigflu</category>
	<category>sick</category>
	<category>swineflu</category>
	<dc:creator>um_maverick</dc:creator>
	</item>
	<item>
	<title>More about doctors and privacy</title>
	<link>http://ask.metafilter.com/136022/More%2Dabout%2Ddoctors%2Dand%2Dprivacy</link>	
	<description>What exactly can a doctor&apos;s office tell anyone who happens to pick up your phone? I&apos;ve recently come across a couple of issues with doctor&apos;s offices and privacy. The first one was my mental health clinic, who dialed my home phone number. My boyfriend picked up and told them I wasn&apos;t home (I wasn&apos;t), and my mental health clinic said &quot;well X therapist would like to make an appointment to see her.&quot; My bf doesn&apos;t live with me and they didn&apos;t even ask who he was when they left that message. I called them and said WTF, but they said that by providing them my home number, I authorized them to leave non-specific (i.e. no details about my care) messages there. I had no idea they were allowed to speak to anyone who answered the phone! Are they? (Note, I&apos;ve since told them they are only allowed to call my cell phone number and they agreed.)&lt;br&gt;
&lt;br&gt;
The other issue: My mom went to a specialist and specifically gave them only her cell phone number because she did not want them to give her test results to my dad. Specialist&apos;s office requested my mom to get her records from the general practitioner, which she provided. They pulled her home number off the GP&apos;s records and called the house. She went in to Specialist&apos;s office and explained that she was preparing to separate from my father and she did NOT want them calling him, they said, &quot;well that will be a problem.&quot; Two days later they called when she wasn&apos;t home and told my dad the test results, when she explicitly told them not to. To me this is even worse than the first case because they did not leave a general message - they gave him test results! After she did not give them permission to and even specifically told them not to! Isn&apos;t that illegal?&lt;br&gt;
&lt;br&gt;
When you go to a doctor&apos;s office, you usually have to fill out a form with the names of the people they may release information to. Why are the doctors&apos; offices, then, not checking these forms and asking who they are speaking to when calling a phone number?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.136022</guid>
	<pubDate>Wed, 21 Oct 2009 05:57:02 -0800</pubDate>
	<category>doctors</category>
	<category>healthcare</category>
	<category>hipaa</category>
	<category>privacy</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Forbidden fruit of the HIPAA tree</title>
	<link>http://ask.metafilter.com/131283/Forbidden%2Dfruit%2Dof%2Dthe%2DHIPAA%2Dtree</link>	
	<description>[HIPAA filter]: When dropping off our child at daycare (a small, home daycare), my spouse - a pediatrician - ran into a patient who is not vaccinated. I know you&apos;re not a lawyer; I know you&apos;re not our lawyer - what are our options? The daycare is full of our friends, and their children. Our child is vaccinated (according to the recommended schedule), and not truly our primary concern in this - it&apos;s the children of our friends who are too young to have received their vaccinations yet. Additionally, we plan to have another child soon and wouldn&apos;t want someone else&apos;s unvaccinated kid putting ours at risk.&lt;br&gt;
&lt;br&gt;
The best course of action I can conceive is to (A) review our contract and see if it says anything about required vaccinations, and (B) talk to our daycare provider about what her requirements are for new kids (can they be admitted without a vaccination record? what are the requirements that go along with her license, etc).&lt;br&gt;
&lt;br&gt;
But the problem remains - if this child is admitted regardless of their lack of vaccinations, what course of action can we take? Obviously, we can remove our child (assuming we could even find another provider), but what do we do with the forbidden knowledge? How do we warn/protect our friends&apos; children from this possible risk if we&apos;re not allowed to share this information?&lt;br&gt;
&lt;br&gt;
Extended details: we are in Colorado.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.131283</guid>
	<pubDate>Thu, 27 Aug 2009 10:01:21 -0800</pubDate>
	<category>daycare</category>
	<category>healthcare</category>
	<category>hipaa</category>
	<category>vaccination</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Medical MJ and HIPAA</title>
	<link>http://ask.metafilter.com/117704/Medical%2DMJ%2Dand%2DHIPAA</link>	
	<description>I&apos;m wondering about medical marijuana use in California and to what degree it is covered by health information privacy laws (HIPAA).

I ask because my profession is regulated by a state licensing board (and an ethics board, and a national ethics board, etc. etc.) and I want to know if the Board of Behavioral Sciences could ever have access to my medical information if I were to have a card for medical MJ (this is assuming that I am only registered with the state as a legal patient, not ever picked up by the cops for any reason or have anything close to a criminal record, which I already know would get my licensing taken away). I have been searching info on medical MJ and HIPAA but have not been able to find anything conclusive.

Throwaway email is anony01234@gmail.com.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.117704</guid>
	<pubDate>Wed, 25 Mar 2009 09:57:05 -0800</pubDate>
	<category>california</category>
	<category>hipaa</category>
	<category>medicalmarijuana</category>
	<dc:creator>Anonymous</dc:creator>
	</item>
	<item>
	<title>Will I be able to go from Medicare to private insurance?</title>
	<link>http://ask.metafilter.com/115235/Will%2DI%2Dbe%2Dable%2Dto%2Dgo%2Dfrom%2Dmedicare%2Dto%2Dprivate%2Dinsurance</link>	
	<description>If I lose Medicare, will I qualify for private insurance? I am on Medicare due to disability. I am now well enough to work, so I may be losing Medicare. But due to my disability, I have a preexisting condition which excludes me from buying private coverage.&lt;br&gt;
&lt;br&gt;
I live in California.&lt;br&gt;
&lt;br&gt;
I understand that as long as I have continuous coverage, I can get insurance even if I have a pre-existing condition.&lt;br&gt;
&lt;br&gt;
I have heard, however, that Medicare does not qualify. Does Medicare qualify? Will I be able to get insurance?</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.115235</guid>
	<pubDate>Thu, 26 Feb 2009 10:48:42 -0800</pubDate>
	<category>health</category>
	<category>hipaa</category>
	<category>insurance</category>
	<category>medicare</category>
	<dc:creator>TigerCrane</dc:creator>
	</item>
	<item>
	<title>I&apos;d help your mom if you asked.</title>
	<link>http://ask.metafilter.com/111079/Id%2Dhelp%2Dyour%2Dmom%2Dif%2Dyou%2Dasked</link>	
	<description>I am looking for an online document storage/document sharing service that is HIPAA compliant. My mother has a small (less than 100 people per year) counseling practice that I&apos;ve agreed to do the billing for, as well as keep track of patient records.  I&apos;m not able to go to her office as often as will be necessary, because it&apos;s about an hour away and I work full-time.  We&apos;d like to find a secure, HIPAA compliant online service where we can both upload documents that the other person can view.  &lt;br&gt;
&lt;br&gt;
Doing a Google search brings up a bunch of options, but I&apos;d like to hear from people who have actually used such a service.</description>
	<guid isPermaLink="false">tag:ask.metafilter.com,2009:site.111079</guid>
	<pubDate>Wed, 07 Jan 2009 18:29:16 -0800</pubDate>
	<category>documentsharing</category>
	<category>HIPAA</category>
	<category>smallbusiness</category>
	<dc:creator>eunoia</dc:creator>
	</item>
	
	</channel>
</rss>

