Law allows hospitals to use patient records for fundraising

Source: Seattle Times

When Steve Finn got a call on his unlisted telephone number from the University of Washington Medical Center seeking a donation, he was perplexed.

How on earth did the caller get his name and number?

Finn, a 62-year-old retired CPA who lives on Queen Anne Hill, a one-time patient at the UW, knew that a broad federal law known as HIPAA protects patient privacy. So he was astounded when the caller told him the information had come from patient records.

... In fact, HIPAA specifically allows medical centers to use patient information for fundraising activities, explained Richard Meeks, director of the UW's privacy program.

Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts.

... As it turns out, when Finn first went to the hospital, he was almost certainly given a 16-page tome entitled "Joint Notice of Privacy practices of UW Medicine and Certain Other Providers."

... Finn's visit to the hospital's emergency room after an accident was rushed. "Like I was reading the fine print!" at the time, he said.

Read more: http://seattletimes.nwsource.com/html/localnews/2011938668_hipaa24m.html

Sure gives me confidence about hospitals and doctors now.

I've always resented having to sign those things, if for no other reason because they are presented in a way that makes it seem they're for OUR benefit.

I've also suspected those HIPPA forms were some back-door way of protecting care providers insulation from law suits over such things.

HIPAA (The Health Insurance Portability and Accountability Act of 1996) does allow hospitals to continue the long-time practice of using their patient's demographic info for fund-raising. Nothing new there.

What should get people a little more riled up is health care providers, and their IT vendors, selling aggregate information about how health care is utilized. Example: prescription records show that Doctor X never prescribes drug Y. The IT vendor that stores this data on behalf of the provider sells it to drug companies, who will then market directly to Dr. X.

IT vendor standard contracts frequently include clauses specifically allowing them to do this.

:argh:

they need to be on the phone with our "representatives" demanding single-payer.