HIPAA (Health Insurance Portability and Accountability Act)
Being an IT guy for the last 35 years, I am no stranger to HIPAA, SOX, FISMA, and many other regulations from the government, including the federal mandates as to how compliance is to be accomplished.
While HIPAA is designed to protect your privacy, I wonder if that is how it is actually being used.
From a DR (disaster recovery) standpoint, your data must be backed up and stored off site. Your data must also be recoverable, meaning that you have successfully tested the restore process on a regular basis, not just the backup.
The easiest way to do this is with cloud technology, but I am here to tell you that hackers attack the cloud. If your data, my data, and your competitors' data all sit in some nebulous storage arrays out in some data center, that is a central target for the bad guy.
You must have written policies and procedures covering all of this. They would be part of your DR plan or run book, or of the living document that is your DR plan.
SOX, or Sarbanes-Oxley, is another set of rules that applies to all publicly traded companies and shares many of the same tenets of a good DR plan. E-mails must be stored and retrievable in the event the government wants to see them: stored off site and recoverable.
The government, for the government's own use, has stricter policies and procedures, which I wrote about some time back when the Hillary e-mail fiasco came to light. That is why this whole e-mail scandal is laughable, as there is no possible way that those e-mails should have been lost, just like there is no way that she should have had a server of her own dealing with Top Secret classified e-mails. Why she is not already wearing orange and living in Club Cupcake Penitentiary is a testament to the corrupt policies and procedures that our wonderful government seems to enjoy for the rich and famous, or in this case the political elites.
When you call and talk with any of the folks at your insurance carrier, you are told that your call may be recorded and monitored for security and training purposes. Now please tell me how that does not violate HIPAA?
When visiting your doctor you had to sign a release, basically nullifying HIPAA so that they, the office staff or the doctors, can talk about your case, your health, or anything else that is needed with whomever they have to deal with in order to get paid. Again, how is this not a violation of HIPAA? Working behind the scenes at these places I have heard many cases discussed, from end stage renal disease to genital warts, complete with names. I was once working in a plastic surgeon's office where his desk was littered with open pictures of nude women, before and after breast augmentation and so on. That material should have been put away before I was ever allowed into his office.
The simple fact is that we are living in an age of no privacy, either expressed or implied. The idea of HIPAA is great but, like the thousands of pages of tax code, it is virtually meaningless after the lawyers get through with it. It is like living in Chicago with all sorts of police vehicles and one cop who lives at the donut shop. There is the illusion of security, but it simply does not exist.
The airport is another place where you have no privacy, but still the TSA misses about 95% of the threats that their own agents try to smuggle through while testing their efficiency.
While we parade through scanners that strip us naked and expose us to ionizing radiation, they still miss 95%! How the hell is that possible?
While in the waiting room the other day I could hear the office staff talking about patients and their treatment options. As if that were not bad enough, one of the ladies at the reception desk was calling patients who owed them money between greeting people, taking credit card info over the phone. Yep, she read back the guy's card number in full, the billing zip code, and the expiration date where everyone could hear it. I take credit cards myself and I thought, you did not get the CVV code. A few minutes later she called him back to get that, and repeated it where anyone in the waiting room could have heard.
While I have since written a letter to my doctor, it does not end there.
This same doctor prescribed some meds that I went to CVS to pick up. While in line, the cashier, after getting your name and date of birth, grabs the meds off the shelf and tells you what they are so that everyone in line and in the immediate area can hear.
Your name and DOB are nobody's business, and certainly what you are buying is nobody's business either.
While I may be over sensitive to this, I don’t really think so…
Either we have HIPAA or we don’t. Either we follow the rules and policies set forth…or we don’t.
The illusion of security is not enough. The illusion of privacy is not enough. Collecting everyone's metadata without a warrant is wrong on many levels.
We need to look at and revamp all of these policies, as we have given up so much of our privacy for the sake of laziness on the part of employees.
Instead of me telling the lady behind the counter who I am, she should ask to see my ID and verify who I am and my DOB without saying either aloud. After she pulls my meds she can show me what they are without voicing them. Simple policy changes like these prevent unauthorized, or in this case nosy, people in line from getting into your business.
There are simple answers for all of these things, but one simply has to think. We are too damned lazy to think.
© Copyright 2015 All Rights Reserved