HIPPA - privacy. Is this coercive violation of our rights?
A very well known and helpful non profit, independent medical support association hold conferences, provide assistance, etc to a group of people within a certain diagnosis. They have no medical equivalent for what they offer.
In order to even access their on line conferences, they require you to provide detailed private personal and medical information. This includes but is not limited to full name, physical address, age, role (patient, caregiver etc), diagnosis (medical distinguishing type of), date of dx, stage, type of tx, status of treatment and more.
You CANNOT participate with them unless you provide all required information.
I submitted all of this extremely reluctantly. But had 2nd thoughts. I rescinded my permission for them to retain my data and therefore am unable to access any information or services or benefits.
They are DATA MINING people and to do so they coerce them to relinquish their HIPPA rights and protections in order to access information and participate with similarly situated co- suffers, IMO.
What are your thoughts?
Do you think this is a serious matter?
Do you think this should be prohibited regardless of whether HIPPA is construed to apply to them or not?
Interested in more discussions like this? Go to the Just Want to Talk Support Group.
Thank you Sue. I clearly see your points. I didn't know all the legalities you mentioned. This was just another healthcare related disappointment and frustration. I'm obviously coming from a perspective of former days. I may be emotionally strongly reactive to certain things that apparently are not a problem. Because my frame of reference and expectations and values are different from what is.
Thank you so much on the correction of "HIPAA" instead of "HIPPA". My mistake. Blessings....
@rsfcowgirl, I agree that collecting all this personal data and medical history should not be the price of admission to said organization's event. That is your information and should only be requested voluntarily. So often organizations buy customer management software/systems (CMS) to build databases of their customers so that they can add them to mailing lists for marketing or other purposes. These CMS tools allow organizations to create forms to collect any type of information. But just because they CAN create a form with a wide variety of fields to fill out, doesn't mean they SHOULD create them. I hope your response to them makes them more aware. They should at least make the information voluntary. Thank for advocating for respect for patient privacy.
I want to clear up about data collected on Mayo Clinic Connect. We do not collect personal and medical information on this site. This is by design to protect patient privacy. You do not need to fill out any information to read the article by Dr. Vanichikorn here:
- Glimmers of Hope: Post-COVID Syndrome Research https://connect.mayoclinic.org/blog/post-covid-recovery/newsfeed-post/glimmers-of-hope-post-covid-syndrome-research/
In fact, you do not even need to be a registered member of the community to read it.
To join the discussions on Mayo Clinic Connect, you do have to register. The only information required is an email address and then you create a password and username (which can be your real name or a nickname). Again, this is by design to protect patient privacy and to make sure that registering is quick and easy so that people have few barriers to asking their questions and getting support and answers from fellow members. Even filling out the member profile is optional. While it is nice to see a picture with a name, we do not oblige people to provide a profile picture or bio or any medical information.
I hope that helps clarify. And thank you again for being aware of your data and your right to privacy.
PS: I just dealt with a similar situation with my daughter where her landlord was asking for personal banking and social security information to which he has no right. It was an important lesson for a young person to learn. Just because someone asks for data about you, doesn't mean you have to give it.
Yes, I think this is a serious matter, and I do think it should be prohibited.
I noticed that someone else provided an email address for the HHS Office of Civil Rights (OCR).
Here is what a quick Google search turned up from the HHS website:
"HHS' Office for Civil Rights is responsible for enforcing the Privacy and Security Rules. Enforcement of the Privacy Rule began April 14, 2003 for most HIPAA covered entities. Since 2003, OCR's enforcement activities have obtained significant results that have improved the privacy practices of covered entities"
I had a similar experience with Hope Connections in Bethesda Maryland. They wanted more information from me that I was comfortable giving, but I did it anyway, against my better judgment as an IT professional, because I wanted their services. Later, I had a bad experience with them and regretted having any dealings with them. I tried to get them to delete my private information, but they totally ignored me.
Yes, I think this is a serious matter, and I do think it should be prohibited.
I agree that this is a kind of predatory practice that exploits people in a vulnerable situation. I imagine that money is the motivation. I found out that Hope Connections has its offices in the Grosvenor Mansion in Bethesda Maryland. The building was formerly the summer home of a 19th-century robber baron. It is 14,000 ft.² of high-end real estate in the middle of a very expensive city. I don't know how much they paid for it, but it must have been many millions of dollars. It is a red flag for me when a so-called charity has its offices in a literal mansion.
Besides the Office of Civil Rights, I would encourage you to write your representative in Congress, because this might require a legislative remedy. You have inspired me to do so also.
As an IT person, you can also appreciate another level of undisclosed threat to personal privacy. First, even virtual viewers, were required to provide deep personal+ private information. There were fill in the blank questions plus pull down menus that required data entry and option selection. Doing so also gave them expressed permission to release your information inc your photo if captured, for their use. Those attending in person, which were thousands, received conference badges w barcodes. The charity then had prize drawings. The action of entering this lottery was having your badge scanned at a number of exhibits and vendors. Now, let's call this out for what it is: the scanned badges transfer their data to the vendors and exhibitors. This is obvious to me. And probably few ppl understood that. Which makes this deeply cringeworthy to me. And the winner had her photo, name and more emailed out to all, under subject "Winner of ______(medical condition) drawing. No permission was required.
To me, this entire approach is cringeworthy predation. The people who need this charity, which is a legitimate and very helpful one, have received one of the worst diagnoses and are truly frightened and desperate people. They range from young children to the elderly. It's such a disproportionate power field. Most would not give a second thought to giving any and all information for the opportunity to hear a doctor present the latest medical advancement or learn about the latest clinical trial they may have a chance to get into. At such a limitless cost. Your entire personal and medical information.
I hope the right to Medical PRIVACY is extended to sources beyond clinical settings. I recently read a poll in Medscape asking if readers (medical professionals) thought patients should have the right to selectively have withheld certain information contained in their electronic medical records. So the issue of medical privacy and control of information is an issue whose time may have come for reevaluation, policy, and legislation. I encourage you to pursue change bc you have IT knowledge, which is core of medical privacy.
I just can't get on board with most of the responses, at least the ones I have read. Joining this organization is a voluntary act on your part. You can either go with their rules and join, as apparently you did, or decline. And in my mind this concern must first assume that you have some privacy in your life. I imagine if you hired a lawyer to read and explain a few of the Privacy agreements you've agreed to over the years you will find that as a practical matter, you have none. And Beyond that, unless you are a well-known celebrity from Hollywood or one of the top couple hundred politicians in the country, nobody is really interested in your personal health situation. Finally, if hackers can shut down hospitals and MGM casinos that spend large amounts of money on cyber security, they can get into your information that you have given to your health insurer. In other words, I don't see anything for the average individual to be concerned with if they are voluntarily yielding HIPPA rights. And I can't resist ending this without commenting that when you step in line for a prescription or a question about your health at the average Walgreens or cvs, there is a line for you to stand behind. It's not uncommon for you to be able to hear everything that is being said between the clerk and the patient, who may be hard of hearing. Privacy today is Out Of Reach for the average person.
I attend a county sponsored class twice weekly. Whenever someone in the class has tested positive for a concerning illness, like Covid, we cannot be told WHO the infected person is because of HIPAA . It would be most helpful to know if I was in close contact with whoever, so I could limit my exposure to vulnerable elders if necessary.
Your issue is a totally separate and distinct issue that is unrelated to the issue in my thread.
@rsfcowgirl, while the issue may be distinct, @criss is reaching out to share their experiences with HIPAA.
Criss, the balance between protection of privacy and protection of public health is a fine line. I can understand your wish to protect yourself and vulnerable elders in your circle if exposed. A public institution or hospital is beholden to protect patient privacy as well as public health. It’s the same a my child’s school if there is a lice outbreak. They send a letter home telling us someone in the class has been detected with lice, but not who. This helps the classmates but not necessary the other children who may have had contact during other activities such as recess.
Hi @criss, sorry to not relate to your outreach of personal experience. I didn't mean to be rude. I just didn't shift gears well.