Source:
Seattle TimesWhen Steve Finn got a call on his unlisted telephone number from the University of Washington Medical Center seeking a donation, he was perplexed.
How on earth did the caller get his name and number?
Finn, a 62-year-old retired CPA who lives on Queen Anne Hill, a one-time patient at the UW, knew that a broad federal law known as HIPAA protects patient privacy. So he was astounded when the caller told him the information had come from patient records.
... In fact, HIPAA specifically allows medical centers to use patient information for fundraising activities, explained Richard Meeks, director of the UW's privacy program.
Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.
... As it turns out, when Finn first went to the hospital, he was almost certainly given a 16-page tome entitled "Joint Notice of Privacy practices of UW Medicine and Certain Other Providers."
... Finn's visit to the hospital's emergency room after an accident was rushed. "Like I was reading the fine print!" at the time, he said.
Read more:
http://seattletimes.nwsource.com/html/localnews/2011938668_hipaa24m.html