![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
I had a doctor's appointment today, and while I was waiting they committed a serious violation of HIPAA privacy rules.
None of those pamphlets about patient privacy and how they will use your information includes "and we will not violate the law by clearly and loudly stating your name, date of birth, and prescription drug on the telephone so other patients can overheard them." This office, unlike some, has the pamphlets there for anyone to take, so when the receptionist did exactly that I picked up a copy, skimmed it, and then said something like "it's not mentioned in here, but you're not supposed to violate privacy by saying your name, date of birth*, and the drug you're trying to order for her loudly enough that I could hear them clearly."
The receptionist explained that this was because they had left the window open between their area and the waiting area, and closed it, but I am not left with any confidence that they won't do the exact same thing with my information at some point.
Once I was called back into an examining room, everything actually medical went smoothly, at least.
*That combination is what doctors and pharmacies generally consider sufficient to identify patients.
None of those pamphlets about patient privacy and how they will use your information includes "and we will not violate the law by clearly and loudly stating your name, date of birth, and prescription drug on the telephone so other patients can overheard them." This office, unlike some, has the pamphlets there for anyone to take, so when the receptionist did exactly that I picked up a copy, skimmed it, and then said something like "it's not mentioned in here, but you're not supposed to violate privacy by saying your name, date of birth*, and the drug you're trying to order for her loudly enough that I could hear them clearly."
The receptionist explained that this was because they had left the window open between their area and the waiting area, and closed it, but I am not left with any confidence that they won't do the exact same thing with my information at some point.
Once I was called back into an examining room, everything actually medical went smoothly, at least.
*That combination is what doctors and pharmacies generally consider sufficient to identify patients.