Does HIPAA Even Exist for Large Corporations? -- PART 2
Today I got my official reply to my HHS Office of Civil Rights complaint of 5/3/24 against CVS for violating HIPAA regulations. The minor and rather impressive miracle here is that I got a signed letter from an attorney in only 17 days with relevant regulations and interpretations attached. Good so far.
The result was that they are not going to pursue a formal complaint -- instead they are going to "resolve this matter informally through the provision of technical assistance to CVS."
HHS OCR points out that "a covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of PHI in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.... Further, under the Security Rule, with certain exceptions, the use of encryption is addressable; i.e., not mandatory." [red emphasis mine]
HHS further states under Reasonable Safeguards that "It is not expected that a covered entity’s safeguards guarantee the privacy of protected health information from any and all potential risks. Reasonable safeguards will vary from covered entity to covered entity depending on factors, such as the size of the covered entity and the nature of its business."
If HHS OCR actually in fact offers this technical assistance in a meaningful way, that WOULD satisfy my complaint -- not that anyone is asking me. This was almost certainly a stupid screw-up by someone in CVS Info Tech programming the canned computer "after visit summary" process to send out way too much information in unencrypted format to people who received a COVID booster at a CVS. If CVS STOPS doing this, I'm good.
To recap -- I received an after-visit summary not only listing what COVID booster med I received, but also my DOB, home address, and all the answers to my screening questionnaire including my answers to whether or not I have ever had a seizure, a bleeding disorder, am currently pregnant, am immunocompromised (including from cancer), have a history of myocarditis, and many other questions.
I will waste my time writing HHS OCR back to thank them and to remind them that to the best of my knowledge I never signed a release for disclosure (which apparently has no legal bearing here?), and that in this new age of AI every major tech company is incorporating AI into EVERYTHING. If I had a Gmail account, Google would have all my medical information from this CVS after visit summary email and likely would be utilizing AI to monetize it in some way.
I suppose the good news here for small psychotherapy practices is that if this is close to acceptable practice for even a giant company like CVS, then maybe we have little to worry about when it comes to client privacy. Heck -- why not just email client PHI to them without getting releases first? Why have encrypted client portals for communication?
-- Michael
**Does HIPAA Even Exist for Large Corporations? -- PART 1**
I don't care if anyone knows I just got a COVID vaccine. Most people don't care.
However, CVS Pharmacy just sent me an after-visit report across unencrypted Internet to my email address.
The form included such fields as:
-- My Full Name
-- **DATE OF BIRTH!**
-- My Full Home Address
-- Medication Administered
-- Date and Time of Appointment
-- Name of Pharmacist I saw
-- Name of Doctor at CVS overseeing it all
-- Name and Address of my Primary Care Doctor
Also:
-- All the answers to my *screening questionnaire!* including my yes/no answers to multiple medical conditions such as heart problems, immunocompromise, seizures & other brain problems, and pregnancy.
So many things wrong here. This is almost enough information for identity theft (lacking only SSN). It gives away LOTS of my medical information. If I had a Gmail email address, Google would now have all this information. What if I was a pregnant female in the southern USA where Attorney Generals are starting to track state of pregnancy for later prosecution if women go out-of-state for abortions or have a suspicious (to them) miscarriage?
**How does CVS get away with this when smaller medical offices have to be so careful?**
Michael Reeder, LCPC
#AI #EHR #medicalnotes #progressnotes #healthcare #patientportal #HIPAA #dataprotection #infosec @infosec@a.gup.pe #doctors #hospitals #CVS #COVID #sars-cov-2 #longcovid #severecovid#covidisnotover #pharmacy #vaccine
Psychology news robots distributing from dozens of sources: https://www.clinicians-exchange.org
. Does HIPAA Even Exist for Large Corporations?
I don't care if anyone knows I just got a COVID vaccine. Most people
don't care.
However, CVS Pharmacy just sent me an after-visit report across
unencrypted Internet to my email address.
The form included such fields as:
-- My Full Name
-- DATE OF BIRTH!
-- My Full Home Address
-- Medication Administered
-- Date and Time of Appointment
-- Name of Pharmacist I saw
-- Name of Doctor at CVS overseeing it all
-- Name and Address of my Primary Care Doctor
Also:
-- All the answers to my screening questionnaire! including my yes/no
answers to multiple medical conditions such as heart problems,
immunocompromise, seizures & other brain problems, and pregnancy.
So many things wrong here. This is almost enough information for
identity theft (lacking only SSN). It gives away LOTS of my medical
information. If I had a Gmail email address, Google would now have all
this information. What if I was a pregnant female in the southern USA
where Attorney Generals are starting to track state of pregnancy for
later prosecution if women go out-of-state for abortions or have a
suspicious (to them) miscarriage?
*How does CVS get away with this when smaller medical offices have to
be so careful?
*
BREAKING! Wisconsin Study Proposes Hypothesis That #SARS-CoV-2 Was A Originally A DNA Virus That Was Transcribed To An #RNA Virus! - Thailand Medical News
@TransitBiker So, where in the sequence of #SarsCov2 did you or anybody else find #HIV sequences? How is that compared to other #SARS or # MERS #Corona viri? Any proper literature on anything? I call your hypothesis #bullshit.
It hurts - I want the only remaining[1] data stream in #BC to be something I can lean on directly, but that's not possible.
At least we have a risk dashboard from @MoriartyLab in Canada, but there's no guarantee that will continue.
But wastewater? It's not useful beyond "yes we're in a sustained flood, maybe with waves."
This isn't a hot take; experts in the field say "the idiosyncrasies of the shedding trajectories highlight the potential complications of using models to directly predict epidemiological parameters such as community prevalence." [4]
#Covid can damage your brain:;
"(1) a greater reduction in grey matter thickness and tissue contrast in the orbitofrontal cortex and parahippocampal gyrus; (2) greater changes in markers of tissue damage in regions that are functionally connected to the primary olfactory cortex; and (3) a greater reduction in global brain size in the #SARS-CoV-2 cases. The participants who were infected with SARS-CoV-2 also showed on average a greater cognitive decline between the two time points. Importantly, these imaging and cognitive longitudinal effects were still observed after excluding the 15 patients who had been hospitalised. These mainly limbic brain imaging results may be the in vivo hallmarks of a degenerative spread of the disease through olfactory pathways, of neuroinflammatory events, or of the loss of sensory input due to anosmia." https://www.nature.com/articles/s41586-022-04569-5
Meanwhile at the #CBC, they're uncritically publishing "expert" dreck like ""We're going to have more infections among the population this year, partly because our immune systems haven't been stimulated by this group of infectious agents over the last three or four years," he said."
C'mon CBC. The last 3 or 4y have had historically high levels of RSV, influenza and other respiratory diseases in most Canadian areas.
And no mention of immune senescence after #SARS-CoV-2. That story broke years ago.
So, CBC, we go back, I care about you, but if you can't do the most basic fact checking it feels like you're trying to harm yourself and others, and I'm worried about you.
Another "expert": it's just mucus from previous infections, "All of that gunk has to be coughed out."
Oh and "Some people … get to the point of actually using inhalers for asthma," Abdulla said. "Not only do they have a cough, but they also have some wheezing and airway restriction."
Just like in years past, right, where if we didn't catch a cold for a couple of years, we might be coughing for months and suddenly need an asthma inhaler. Those good ol' days!
The article summaries the techniques of #risk#mininizers, who while telling you to do your own #riskAssessment are also engaged in propaganda (and I choose that word advisedly) to establish a different narrative with the objective of manufacturing consent for #massInfection
You cannot #RiskManage what you do not see, think about, talk about or measure. If you want to manage your COVID risk, you need to understand, think around & through the minimization techniques.
I wrote about this recently in my Raven Rock post, where similar techniques were used during the cold war. As a society, we have done this before, with the risk of nuclear war. And currently, with the risk of climate change.
Thank you @anarchademic for highlighting it. I have subscribed.
Attack the event (its seasonal, nothing around now), its probability (its rare!) or its impact (its mild!)
Attacking the impact chops up the risk consequence from the risk probability.
E.g. Ok The probability of infection may be high (2-3 times a year say). So what if there is alot of #SARS floating around? So what if you get it 3 times a year? Its mild, its a cold, you will get over it fast. No big deal, right?
No. The actual impacts occur during both acute infection and post-acute stages. Best evidence says even "mild" infections have long term risk.
Disconnecting the Impact, minimizes the consequences of the risk event and causes you to stop thinking about about taking action.
En el diagnóstico mediante las pruebas de antígeno de #SARS-CoV2 nos encontramos aquí:
"Múltiples pruebas rápidas de antígenos de uso común ahora tienen sensibilidades de diagnóstico inferiores al 30% para personas previamente vacunadas o infectadas, con sensibilidad aún más bajas en las primeras 48 horas de la infección".
"People infected multiple times with #COVID19 are more likely to develop long COVID, and most never fully recover from the condition. Those are two of the most striking findings of a comprehensive new 3-year research study of 138,000 veterans."
I dedicate this post to the three people who told I was being a fearmonger in the past week.
@augieray Not to fearmonger, but I got #MECFS from #EBV back in 2004, I had just inherited some money so I did some serious radical resting for months after I finally found out what was going on, and I got back to normal, mostly. I would get some pretty brutal PEM on the weekends because I worked two jobs and I went to college, but I assumed it was my age as well (I was in my 30s).
Anyway, I forgot about it. I was fine, living my life, then I got in a car accident that injured a few discs in my neck, and I woke up the next day feeling like I had mono all over again. And I’ve had full-blown MECFS since that morning.
So, back to fear mongering, I’m worried for the people who recover from #longCovid, I’m worried about them pushing themselves too hard, or suffering a physical or mental trauma, and having it come right back. Hopefully this virus doesn’t act like herpes viruses, but if it reactivates EBV that’s a herpes virus right there so . . .
But the people who recovered from the first #SARS remained recovered, correct? It’s been more than 20 years we have data on those folks, right?
A new study has found that people differ in how vulnerable they are to different mutations in emerging variants of #SARS-CoV-2. This is because the variant of SARS-CoV-2 a person was first exposed to determines how well their #immune system responds to different parts of the #virus, and how protected they are against other #variants. #Virology#Covid#sflorg https://www.sflorg.com/2023/10/vi10062301.html
Gerade rechtzeitig, da die Zahl der #Corona-Infektionen wieder steigt und sich hohe Inzidenzen für Herbst/Winter ankündigen, gibt unsere Koryphäe #Drosten ein Interview, in dem er die Notwendigkeit der Impfung kleinredet und das Testen auf #COVID und das Tragen von Masken für unnötig erklärt.