When I first went live with my practice on September 24th, 2007, I received plenty of criticism regarding patient privacy and security. Many people questioned my compliance with HIPAA, a federal law the vast majority of physicians and institutions in America have to abide by in order to protect patients’ private health information (PHI). PHI is defined as any situation where there is an identifying factor (such as name or SSN) associated with a diagnosis. For example, John Smith is telling me about his seasonal allergy symptoms via AIM. Under HIPAA, if I were IM’ing with a patient using an unsecure chat application, like AIM, I could face thousands of dollars in fines. If I revealed this health information with criminal intent, I could face up to $250,000 in fines and 10 years in prison.

If I signed contracts with insurance companies and/or Medicare and submitted online claims to these companies I would have to abide by HIPAA. My entire practice would be illegal. I could not email, IM, text, or video chat anyone using the ubiquitous most popular communication apps (like AIM, gmail, etc.) without breaking federal law. They are not encrypted and considered not secure. I would be fined out of existence and, if argued in court, I could even face years of jail time.

If any of you are wondering why your own doctor doesn’t communicate with you using email, IM, and other ways that simply make sense in today’s world, wonder no further. They break federal law with every email and IM since the vast majority of physicians have contracts with insurance companies or Medicare.

...Because I do not take health insurance, I am free from HIPAA regulations and therefore I can conveniently communicate with you in ways that simply and plainly just make sense in today’s world. People have criticized me, a solo physician who will likely have about 1,000 patients in my practice, about security and privacy (FYI...all of my patient medical records are encrypted, password protected twice on my laptop and backed up daily to a secure, encrypted remote server). Those who question me seem horribly concerned about my patients’ privacy. Meanwhile, those of you who do have health insurance with the major insurance companies, please beware. Your name, SSN, and medical information are stored along with hundreds of thousands, if not millions, of other people in enormous databases at your mega-insurance company. The people responsible for that CD they’re using to transport maybe 196,000 people’s PHI aren’t doing such a good job. I guarantee I won’t have to provide 12 months of free Equifax to you if you are my patient. Go with the big guys and kiss your privacy goodbye. I personally use Apple’s encryption technology called Firevault. According to Apple, it could take as long as 149 trillion years to crack my password using a computer that could attempt it every second.

Labels: Insurance, Misc

E-mail Paul Hsieh, MD / PermaLink / Comments / Trackbacks / BlogThis