General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsPrivacy, HIPAA, and WTF??
My wife and I are no longer spring chickens. We are on Social Security and have a Medicare Advantage policy. Back when HIPAA was coming in I was involved with modifying medical software to conform to the privacy requirements contained in HIPAA. So I am not completely ignorant of what you can and cannot do under HIPAA.
So, imagine our surprise - not to mention concern - when we received a solicitation for a prescription 'discount card' that specifically mentioned a medication that my wife takes, touting how much money we could save by using their card. Of course it would cost us way more to use their card than to keep using the prescription benefit from our Medicare Advantage plan.
However, how the hell did some outfit in California find out what drug my wife was taking here in Kentucky?? The only people who should have that information are a) her doctors, b) our pharmacy, and c) our insurance company; all of whom are prohibited from disclosing that information to outside parties.
I sent a query to the feds asking them, but I suspect that since no one will own up to leaking the info nothing is going to happen. So, what's the point. There is no privacy left anywhere anymore, regardless of what the law says.
Kali
(55,014 posts)and they just got lucky on a guess?
Stonepounder
(4,033 posts)It is a generic medication for folks with high cholesterol, but there are a number of those on the market. As it happens, she is on one generic and I'm on another. And unless you happen to get lucky on guessing that a) we have high cholesterol, b) are on a drug to help lower it and c) guess the one she is on you aren't going to guess correctly. A quick look through Google brings up about 10-12 different meds, generic and non-generic. Pretty good guess to get it in one.
marym625
(17,997 posts)Check that there was nothing hidden in anything you signed giving permission to share with drug companies for "statistical analysis" or some other bs.
Stonepounder
(4,033 posts)marym625
(17,997 posts)I should not have used "analysis"
I have caught it in a couple doctors offices. I won't sign it. It is outside of HIPAA. A separate page given with HIPAA.
KMOD
(7,906 posts)Unless you are still using cash, every purchase you make with a debit or credit card is tracked.
Search engines and many websites know your search tendencies.
A smart phone gives out all sorts of data, where you are, your interests, etc.
It really is horrible.
I had twins in 1991. Pampers, Huggies, formula companies, baby magazines, etc. were all sending me mailings.
daredtowork
(3,732 posts)don't insure companies share info in some common insurance company database? I seem to remember such a thing existing a few years back. That means if you billed your insurance company for the meds, it would be there. The solicitor is another insurance company - perhaps it gets the info because of some twisted concept of free competition for your business?
Stonepounder
(4,033 posts)Insurance companies can share info with their clearing houses (the ones who actually collect money), but they and the clearing houses are prohibited from sharing that info with any 3rd parties. If I go to a new doctor I have to give specific permission for the doctor's office to even tell my wife what time I have an appointment.
My MIL (who has since passed away) lived with us for a number of years. She was also stone deaf. If we had a question for the insurance company - even though we had her durable power-of-attorney on file with the insurance company - they wouldn't talk to us about anything unless we put her on the phone and told them it was ok to talk to us.
HIPAA makes if very clear that patient info is not to be shared with anyone outside the doctor-pharmacy-insurance loop without express written permission of the patient. (The one quasi-legal exception is if the doctor, or the hospital, has problems with their software and has to call the vendor for tech support, the tech may access the restricted information if necessary to resolve the issue, but the tech had damn well not share or in any act on the information he/she saw.)