Cook County appointment reminder system drops the ball on HIPAA
Neil Versel describes a situation that’s concerned me for a long time — automatic calls that reveal PHI if the person who answers the call says that they’re the person being dialed (even when they’re not!):
Friday, “Cook County” popped up on the caller ID when I was on another call. Ditto for when I was out later. The next day, I answered your robo-call. This time, I pressed “0” hoping to get to a live person, but that wasn’t happening at 7 p.m. on a Saturday. So I pressed “1,” hoping that by saying I was Ms. Bautista, you’d tell me I owed money or something, then leave me alone. But relentless calls weren’t about billing. You were trying to remind this person that she had an appointment on Wednesday at the imaging department of Stroger Hospital on Chicago’s West Side to test for a specific condition.
So, because someone entered the wrong phone number into a computer and because your system didn’t have a way for the call recipient to report a wrong number, you released some of Ms. Bautista’s protected health information. I’m sure this isn’t the first time something like this has happened.
Read more on FierceHealthIT