My mom called my therapists office pretending to me and found out all my private info that I didn't want her to know. (doctors, insurance)
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
Under Obamacare, now every person under 25, is under their parents health insurance, so perhaps a mother should have a right to know what her daughter is taking and why. Especially if that daughter is living with her and mom is paying the bills.
I would want to know.
This story doesn't make sense to me. I think the op must have misunderstood something.
This is not the case, actually. Unless the patient is a minor, HIPPA prohibits unauthorized release of info to anyone else, even to the person who is paying the bill.
First, your mother has violated your privacy in a most offensive and destructive way. You don't seem to be reacting as strongly to that as would be justified. As far as I can see, this raises serious questions about whether you can ever trust her or have a relationship with her in the future.
Second, the problem is not just with the receptionist, it is with the psychologist or therapist, who has a legal and ethical obligation to properly supervise his/her employees and make sure they comply with all applicable rules regarding patient confidentiality. You could, and probably should, file a professional conduct complaint with whatever board or agency licenses your therapist. If they have breached the confidentiality of your records so cavalierly one must wonder how many other patients they have also injured in this way. They not only deserve some type of professional sanctions for this, but they may also be liable to you for damages for breaching your confidentiality. You might want to talk to an attorney for advice on whether to sue them for this.
This doesn't make any sense. Why would someone call and ask a receptionist, "what is my diagnosis", "what meds am I taking" and not sound suspicious? No one calls and asks information about themselves that they should darn well know. Well anyway, if this is the case and your information was given to your mom I would raise all kinds of heck. They could be shut down, you could sue them, it is very serious these days with the HIPAA laws. I'd find out who is in charge of that office and talk to them about this.
HIPPA gives patients the right to request restrictions on how and to whom their PHI is communicated, but the privacy rule is actually a very small part of what HIPPA is about. Unless you requested that the office not share your PHI over the phone? That would be a violation, then.
There is a process called verification required by HIPPA that basically, if your mom called and had information that would "verify" over the phone to the doctor's office that she was you (your birthday, last four of your social, address, etc.), and the office (receptionist, whoever) asked for that verification and got it, then the office met that requirement and I don't think that they could be held liable for what happened. So long as you hadn't requested that your PHI not be shared via the phone.
It seems your mother is the one who could get into some serious trouble over this. What she did was absolutely wrong - a criminal act, actually.
You can call the office where this occurred and ask to speak to the privacy officer at the facility. HIPPA requires that all medical facilities have one. The privacy officer is independent from the doctor's office - so it's safe to talk with them. They are sort of an ambassador of sorts between the office and the patients and are there to deal with situations exactly like this. They can probably offer you some good advice and help you to prevent this situation from happening again in the future. The privacy officer really should be told that this happened anyway, whether you want to pursue some legal course of action or not.
If you do feel there is a real issue with how the office handled the situation, and talking to the privacy officer doesn't help, you can file a formal complaint to the Secretary of Health and Human Services through the Office of Civil Rights.
This is not the case, actually. Unless the patient is a minor, HIPPA prohibits unauthorized release of info to anyone else, even to the person who is paying the bill.
This isn't entirely true. For example, if an employer pays for an employee to take a certain test or have a certain procedure performed or receive treatment of some kind, the employer who paid for the services has access to the PHI pertaining to those services performed. There are also other exceptions. For example, the privacy rule only pertains to "covered entities". Example: Doctor's offices often use storage facilities to store old paper versions of patient records and other sensitive documents. The doctor's office is of course a "covered entity" but the storage facilities are not. If the doctor's office didn't pay the bill or something happened... the storage facility had legal access to all that personal patient info. Thankfully, now they are supposed to sign contracts in order to protect patient info under these situations, too, but it took awhile for these little glitches to be realized and addressed.
With parents and dependent children (even adult ones) the exchange of patient PHI line is fuzzy. Same with spouses. I go to my husbands appointments with him all the time because he wants me there, and not once has anyone ever asked his permission to allow me to be there. It's a gray area. It's an implied form of permission.
There is actually nothing regarding protecting our privacy in the U.S. Constitution or Bill of Rights. That was a surprise to me when I discovered it. It's something we all assume, but it is not there. State laws address it, some state's more than others. If the state laws where you live are better than the HIPPA privacy rule, you might have a case.
You definitely have a case against your mom for what she did, but so long as the office followed protocol and procedures when addressing "you" on the phone, what they did was unintentional. If "you" (or your mom posing as you) called and gave all the verification needed to "prove" it was "you" and you asked, when was the last time I picked up my meds, oh I forgot what the doctor said, when is my next appointment, oh and did I mention why? Etc. People are sneaky (moms are sneaky) and there's any number of ways she might have discovered the information with a simple phone call.
Last edited by haggardhouseelf; 04-12-2013 at 12:22 AM..
This doesn't make any sense. Why would someone call and ask a receptionist, "what is my diagnosis", "what meds am I taking" and not sound suspicious?
Her mother probably called and impersonated her. She could have called and said 'I need a refill on my medication', then receptionist says 'which medication' (assuming she is one several) and there you go. Codependent people are very clever, they need to be in order to keep their chaotic family dynamic intact.
I'm not sure I would confront her mother on this, unless you are of sufficient financial and emotional means to stand on your own. She will just use this as a weapon against the op. I'm guessing that the op she still lives at home.
You need to bring this up with your therapist asap, so her or she can find out exactly what happened. You could then take legal action against whoever but I'm not sure it would be worth it.
You can call the office where this occurred and ask to speak to the privacy officer at the facility. HIPPA requires that all medical facilities have one. The privacy officer is independent from the doctor's office....
In all of the clinics and hospital I have worked in, the Privacy Officer is an employee of the agency (e.g. usually the Medical Records Director at hospitals.) In small practices, the officer manager or practice manager is often times the designated privacy officer. In some cases, one of the therapists or providers may even be the privacy officer. Under HIPPA, the privacy officer is responsible for developing and updating policies regarding the maintenance and disclosure of protected health information. Clearly, someone who is independent from the doctor's office could not effectively do this. If I am mistaken, please provide a reference that states that the Privacy Officer must be independent.
My argument about this technicality notwithstanding, your point about going through the privacy officer to resolve this issue is certainly correct. This is a primary role of the Privacy Officer. The OP should work with the Privacy Officer towards a resolution in this case (and I should have suggested this in my prior post.)
Quote:
Originally Posted by haggardhouseelf
This isn't entirely true. For example, if an employer pays for an employee to take a certain test or have a certain procedure performed or receive treatment of some kind, the employer who paid for the services has access to the PHI pertaining to those services performed. There are also other exceptions. For example, the privacy rule only pertains to "covered entities". Example: Doctor's offices often use storage facilities to store old paper versions of patient records and other sensitive documents. The doctor's office is of course a "covered entity" but the storage facilities are not. If the doctor's office didn't pay the bill or something happened... the storage facility had legal access to all that personal patient info. Thankfully, now they are supposed to sign contracts in order to protect patient info under these situations, too, but it took awhile for these little glitches to be realized and addressed.
With parents and dependent children (even adult ones) the exchange of patient PHI line is fuzzy. Same with spouses. I go to my husbands appointments with him all the time because he wants me there, and not once has anyone ever asked his permission to allow me to be there. It's a gray area. It's an implied form of permission. ....
There are many exceptions, as you say. In cases where an employer pays for a test and needs the results, the patient often signs a special informed consent that makes it clear that the employer will have access to that information. Drug screens and physical exams that are required to insure that one is fit for a particular job (e.g. police and firefighters) are common examples. At any rate, employer exceptions clearly do not apply to the OP's situation.
As for relatives who have a insurance policy for an adult patient, I certainly agree that this area is "fuzzy." As SouthernBelleInUtah said, small town mindsets sometimes lead to disclosures that are contrary to HIPPA. Insurance companies often times refuse to share information about the a patient with the policy owner. I have run into this myself with two insurance companies. The policies were in my name (and provided through my employer), but the insurance companies refused to talk to me about my wife's health information. My wife has never had a problem with me accessing her health information, but this does not matter to the insurance company (unless they receive her consent, in writing.) My wife and I were required to have separate usernames and passwords for the insurance companys' web portals, and I could not see any of her claim information or other health data her via. my user account. That said, I think physicians, therapists, and even insurance companies get a little lax when it comes to close family members. Technically, your doctor should always as if it's okay for your husband to be there. However, the physician simply assumed that your consent is implied, since he came with you to the office. I think many doctors do the same thing.
The OP never said that insurance was even used to pay for these services. If this is case, these may all be moot points.
Bottom line: this will hopefully serve as a valuable learning experience for both the OP and her therapist. The OP has learned that her mother is not trustworthy and has some pretty clear boundary issues. The therapist and his/her staff have learned not to provide any protected health information to anyone over the phone, unless the identity of the caller can be very definitively verified.
The therapist and his/her staff have learned not to provide any protected health information to anyone over the phone, unless the identity of the caller can be very definitively verified.
Unless I missed it, the op has not told us that she has said anything to the therapist or the staff or whetehr or not she intends to, so no lesson learned that we know of.
I'm tempted to call BS on the OP. Too much of this isn't adding up. Who calls to ask what their own diagnosis is? Wouldn't you ge told that directly?Who wouldn't know what meds they're taking? It's right on the bottle. What receptionist has access to confidential patient info and who would be fool enough to A) Think that a patient wouldn't already know this info, and B) Think it's her/his place to discuss this, even with the patient her/himself?
Receptionists often double as file clerks in doctors' offices. Nurses don't put the files away, neither do medical assistants. They call on an office clerk or receptionist to pull the paper files for each scheduled patient in the morning, and file them at the end of the work day. So yes, receptionists have access to confidential patient information.
What I'm not getting, is how it's possible that a receptionist would give ANY of this information out to ANYONE over the phone, even if they can confirm it really is the patient. Maybe it's something I signed and forgot about, or maybe it's just the policy of the offices I've been to. But they always make me come in if I want information, or request it in writing if I can't come in. I even have to sign a thing letting them know that my husband and sister are authorized to receive prescriptions on my behalf if I need any procedure that renders me unable to go to the pharmacy afterward (such as surgery).
I'm thinking the OP is embellishing something here. There's definitely something that doesn't add up, I agree with the previous poster (and whoever else has suggested this too).
Edited to comment - I -do- get to discuss things over the phone with my doctors. But I can't ask them for information - I can tell them something like - "I'm looking at my bill, it says you worked on tooth #4, but I thought you worked on tooth #3. Can you confirm?" And they can look up the chart and see that I'm remembering things backward, that it is indeed tooth #4. Or, it was a clerical error, it really was tooth #3 and they'll send a correction to the insurance company. But in either case, I'm not asking them to fill in the blanks. I'm not saying "what did you do with my teeth last week?" I'm TELLING them what they did - and asking them to confirm it. Huge difference. If I wasn't really me, I might ask "what did I have done last week?" and they'd say "come on in and we'll go over your chart." But no they won't tell me over the phone, because I'm expected to know, since I was there.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
