Medical Privacy/Complaint Issue
December 28, 2009 5:00 PM   Subscribe

ER seems to be giving out my information to 3rd parties

Last summer a very good friend of mine got hitched and thanks to a combination of keeping up with a drinking buddy, not enough time at the buffet line, I blacked out and scared my friends. Not knowing what to do (and this is the first and only time I've ever blacked out from drinking), my friends called 9-11 so I could go to the hospital. I woke up, went home with a friend for the rest of the night/following day, felt like an idiot, paid all my medical bills and in the time since then, haven't had a drop to drink.

Well in the past few weeks I've been reminded of that whole unpleasant incident because:

a) The Hospital's development department sent me a fund raising letter about how they're trying to build a birthing center.

b) I got a phone message from a collections company in their metropolitan area stating that they needed to talk to me in regards to the ER visit. I call back confused (I paid my bill & have verbal confirmation from the hospital & my insurance company that all business is closed out) and the women I spoke with can't find any sort of record attached to my phone #.

So I want to contact the hospital and ask them what's up and possible also complain about how I've been contacted recently by their development department and the collections agency. Am I thinking something has got really effed up here in regards to my privacy? It's in a different state from the one I live in, but getting called about a collections agency over my confidential ER visit seems beyond the pale. Not to mention getting hit up to donate money to the hospital.
posted by gov_moonbeam to Health & Fitness (9 answers total) 1 user marked this as a favorite
Hospitals send past due bills to collections all the time. If you paid in full, it might've just not been recorded properly on their part, but this doesn't represent some sort of vast breach and conspiratorial pattern to distribute your name to mailing lists.

The birthing center sounds like your name and information WAS circulated internally and they have your name on a list now; you should call the department and hospital administration to have yourself removed.

But again, this is just like any other business—it's not like they're circulating your charts saying "HEY THIS GUY PASSED OUT AND ENJOYS THE JELLO" around. I don't think anything you've cited here would come close to approaching a HIPAA violation, which would be your most actionable offense.

Contact the hospital, but stay sane and give the benefit of the doubt.
posted by disillusioned at 5:37 PM on December 28, 2009

My long answer:

a) The Hospital may share your name and address with its internal departments, which is just what that fund-raising department is.
b) Sounds like the Hospital's accounting department screwed up and submitted your account for collections then corrected its error.

As for your question: Am I thinking something has got really effed up here in regards to my privacy?, I haven't a clue what you're thinking, nor would I hazard a guess. However, none of what you described herein amounts to much of anything at all and certainly isn't a breach of confidentiality.

Had AA or NA or some other alcoholic treatment program unaffiliated with the Hospital contacted you, then, yes, I'd think that someone in the Hospital violated HIPPA (or whatever those initials for that act are).

My short answer:
Get over yourself. There's nothing here to complain about.
posted by LOLAttorney2009 at 5:38 PM on December 28, 2009

a) Fundraising solicitations are allowed under HIPAA, although only demographic info (name/address) and not the illness. For instance, Columbia University's fundraising policy. The regulation in question.
A covered entity may use, or disclose to a business associate or to an institutionally related foundation, the following protected health information for the purpose of raising funds for its own benefit, without an authorization meeting the requirements of § 164.508: i. Demographic information relating to an individual; ii. Dates of health care provided to an individual.
There should be details on how to opt-out on the letter.

b) Payment is a fundamental thing that protected health information can be used for under HIPAA ("treatment, payment or health-care operations"). From the HHS commentary on the regulations:
The Privacy Rule permits a covered entity, or a business associate acting on behalf of a covered entity (e.g., a collection agency), to disclose protected health information as necessary to obtain payment for health care, and does not limit to whom such a disclosure may be made.
I'm not sure if it counts as a privacy violation if your protected health information was shared with a collections agency when it wasn't necessary, even if it was allowed.
posted by smackfu at 5:41 PM on December 28, 2009

You might want to pull a copy of your credit report and make sure that there are no derogatory items posted to it with regards to any debt from this ER visit. If a balance was transferred to a collection agency, even in error, that could generate a report to credit agencies.

If keeping track of their receivables is such a problem for them that you're getting collection calls over a settled debt, who knows whether they corrected any credit reporting when they caught the error. It's even possible that they wrote the account off to bad debt rather than realizing it was actually paid, and that's why the agency doesn't have it on file anymore - that would be another credit ding. I would make sure you have copies of any Explanation of Benefits from your insurer and statements from the hospital in case you end up needing to contest that the debt was paid in full.

So far as a privacy complaint goes, I agree with the other posters who are pointing out that these are standard practices for the industry, however infuriating they are, and you won't have much luck barking up that tree. The main thing now is to make sure this isn't jacking up your credit.
posted by strangely stunted trees at 6:39 PM on December 28, 2009

I think it's possibly legal and clearly wrong for a hospital to use your number to solicit a donation. Call your state board or hospital regulation and lodge a complaint.
posted by theora55 at 7:21 PM on December 28, 2009

I really thought you were going to say you found your name on some sort of alcohol rehab mailing list or something, which may have been a HIPAA violation, but what you've described is really benign and normal. The donation solicitation is standard operating procedure for hospitals these days. It's internal, essentially an entity using its own database as a mailing list, and it's annoying, but it does not violate any of your privacy rights.

The collection agency notice is also standard operating procedure, even if you paid your bill. Medical billing gets screwed up all the time, and collection agencies administer both the truly overdue and inaccurate balances. Again, it's irritating, but not illegal. If the collection agency engaged in harassment type behavior, then you might have a grievance worth pursuing, but it sounds like this was solved with a phone call.

In short, corporate America includes hospitals, and they have some practices that can be super annoying, but your privacy has not been violated and beyond the medical personnel and whoever processed your insurance claim, no one knows about your alcohol poisoning incident unless you tell them about it.
posted by katemcd at 8:13 PM on December 28, 2009

The above posters are correct; it is unlikely that any significant privacy violation has occurred. Nevertheless, HIPAA is a joke; if you want to create a bit of bureaucratic make-work you can lodge a formal complaint. This might ruin someone's day, or not, but you will be adding to the "organizational friction" inherent in our healthcare system. This may or may not be a goal you wish to pursue.
posted by aramaic at 8:37 PM on December 28, 2009

Your name, address and telephone number are not confidential.
posted by DarlingBri at 8:42 PM on December 28, 2009

That you went to the hospital, and why you went to the hospital are two different pieces of information. The sharing of one of those bits of information, as allowed by law, and required by the realities of 3rd-party contracts for billing services, does not in any way imply that the other has been shared in violation of the legal and ethical standards of medical privacy.

Billing mistakes happen; that's why you keep written documentation of bills received and paid, not just your personal remembrances of phone conversations.
posted by nomisxid at 10:14 PM on December 28, 2009

« Older Simpler Pokemon   |   Cookies! Newer »
This thread is closed to new comments.