Recent searches
Search options
Administered by:
Got the paper copy of the privacy disclosure a few days ago from my medical provider’s office. This is the one that, while required to be made available to me, the provider did not have access to. They had to ask Phreesia for it on my behalf.
It is literally an agreement to receive ads based on my protected health data.
At the time, I interpreted it to mean I had to agree or Phreesia would not send the information I gave them to my provider. #InternetOfShit
@feorlen You certainly do not have to agree to anything.
You cannot waive protection of your personally identifiable health information. It doesn’t matter what you sign, your data must still be protected. The #HHS Privacy Rule implements the privacy requirement of the Health Insurance Portability and Accountability Act of 1996 (#HIPAA). It is the law. I don’t know anything about Phreesia, but I’ve personally run into other health-related companies, including doctor medical offices, that were not compliant. You have the right to know the name and contact information for the medical provider’s “HIPAA Compliance Officer.” You have the right to hear directly from that person how your health information is being protected. You also have the right to know the names and medical qualifications of everyone who has had access to your health information. I’ve used this with health insurance companies twice when they denied authorizations. They folded. The risk to companies who violate HIPAA is that they can lose all of their access to Federal contracts. If you are feeling trampled, you can lodge a complaint with HHS. Follow the link for details, and good luck to you!
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html