Ok, so I've got 0 experience dealing with anything HIPAA and I'm a bit concerned with what my wife just told me. Before I call up the pediatrician's office (in a rage) where we take my daughter, I wanted to run this by the community to make sure my concerns are legit.
So, my wife gets this email today titled "PhoneSlip Login Details" with my daughter's name, welcoming her to "PhoneSlips" [1] and providing a username and password (her birthdate!) - FYI, my daughter is 3 y/o and obviously didn't sign up for anything.
I instructed my wife to grab the headers and forward them to me along with a copy of the email. I was able to identify a small IT services outfit (looks like their market is doctors' offices) as the originator of the email.
So, I'm sure you can see where my concern is going at this point. Who is this IT company, why do they have patient information (my daughter) from the doctor's office, and why is my doctor's office giving this type of information to third parties??
Yes, it's just a name and a birthdate (that I'm aware of), but it's the principle here. I don't know how this plays in with patient confidentiality and/or HIPAA or any other laws/regs.
Is this something to complain about or am I just overreacting?
Thanks!
BillV
[1] PHONEslips is an easy to use messaging and office information management system for professional offices. It handles phone messages, memos, e-mails, contact database, schedules and to-do lists for everyone in the office.