Leonidas
Thinks s/he gets paid by the post
So late last year my physician, along with a number of other doctors, split away from the group he was practicing with and joined a new group in a different office building with different staff. The local newspaper hinted at some "financial impropriety" as the reason why the original practice group dissolved. I visited him at his new digs yesterday for the first time in a long time.
The staff at his new office seem to be less than competent, and some border on being rude. But that is a topic for another day.
In any event, my records did not make the transition from the old practice to the new and I was classified as a new patient. Which meant filling out 10 different forms that were worthless for the most part, repetitive, and poorly designed.
It also meant that not only did they want to look at my insurance card, but they wanted to scan my driver's license. I questioned that.
The twenty-something twit receptionist claimed that it was required, and when I asked why, she seemed a little shocked that anyone would question her legal authority to make a copy of someone's identification. Finally she claimed that HIPAA II required it. Now, when someone tells me that I am being forced to do something because it is required by law, I usually go off and verify that information. When I asked if that specific requirement was actually in the law, she said, "the billing people told me that we will refuse treatment to anyone who doesn't comply."
Verifying my identification is a good thing, especially when my insurance billing and medical records are involved. Maintaining a copy of my identification in the same system that has my social security number, tons of biometric information, and my medical records, and my credit card information, seems like a recipe for identity theft.
I have friends and neighbors who are physicians, dentists, etc., and professionally I've encountered plenty of doctors as victims, witnesses and defendants. Very knowledgeable about medicine, but outside of that it's a very mixed bag. One of my favorite illustrative examples is something I heard an SEC guy say once about investment scams, "if there are two or more doctors invested, it is almost certainly a scam." Or my former neighbor, the head of pediatric care at a major hospital, whose home repair adventures are the stuff of legend. It was SOP in my house to keep a phone handy to call 911 whenever we saw him with power tools or a ladder.
So what does my doctor know about keeping my information secure?
The thought of all my information, plus a copy of my DL, floating around on some computer system whose security is a complete unknown makes me a little nervous. Not knowing if my doctor, or his staff, have a clue about data security, identity theft, information compartmentalization, how to patch that old version of Vista (or XP or whatever), or if the system is accessible from the outside, etc., all make me real nervous about my info.
A little research this morning seems to indicate that this is not covered by HIPAA, but by the Red Flags Rule of the FTC's Fair and Accurate Credit Transactions Act of 2003 (http://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf). Apparently medical practices are now considered credit institutions and are required to take steps to check the identification of customers. Nothing I can find says that they are required (or allowed) to make copies of patients' driver's licenses.
The AMA, which fought to keep doctors out from under this regulation, has a model policy that doctors can use in their practices. It provides for checking a patient's identification and comparing the photo to the person, but absolutely nothing about maintaining a database of DL copies.
What are your thoughts on this?