Medical Privacy, Identity Theft and Other Scary Things

I spoke with a client yesterday who is still reeling from an identity theft situation. He was alerted that a credit card (something he never uses) was taken out in his name, and then an immediate change of address was requested. He knows that particular card is now closed, but worries about others. He said his brother had a similar situation, and that the authorities, despite considerable information that his brother collected on the thief, had done nothing to apprehend or prosecute the bandit.

I’m a privacy freak. Downright paranoid, some people say. My husband is in awe that I blog, since I won’t give my bank my social security number for my business account and have been known to raise my voice in protest and quote my legal rights when pushed on such issues.

That said, I was awoken this morning at 5 a.m. by my home phone number ringing — and when I answered it, it was a fax attempt. For the next three hours, it rang every five minutes.

Around 7 a.m., I took the number off my caller ID, did a cross-reference on Google, located the name of the company sending the fax. Did another cross-reference to locate the voice phone number based on company name and physical address (in Texas) and after three attempts at different numbers, I finally got a live person.

The company, from my research was a medical claims approval company of some sort.

Silly me, I assumed that they would not want an errant fax going out. When I talked with the lady, I gave her my home phone number, told her my frustration and ask that she make the fax quit. She said that she had no way of knowing which fax was sending it. I gave her the fax number, and she said “yeah, that’s one of ours, but I don’t know how I’d stop it.” I urged her to try, and told her that I was sure she didn’t want the information coming to me.

The calls continued, and it was driving me batty. I turned the phone off for awhile, but didn’t want to have to deal with the every 5 minute calls once my work day began.

So, I had a brainstorm… the way to make an undeliverable fax stop, if the sender won’t, is to let it be delivered. So, I forwarded the home line to my business 800 number (which automatically accepts faxes) and waited five minutes.

Once I saw a fax delivery on my Internet control panel, I un-forwarded the phone.

Blessed silence…finally.

I wanted to let the sender — the actual person who sent the fax — to know what a headache they had caused, so I opened the fax to get that number.

What I found there was quite interesting, and was enough to make the hair stand up on the back of my neck. I had a woman’s name, her birth date, her social security number, the name of her physician, her pharmacist and the drug that had been prescribed. The fax was supposed to go to the local Kroger Pharmacy — but never quite made it.

Having worked for a cancer program and a regional medical center for many years, I was appalled that this information would be sent to the wrong number and that no attempts were made to stop it once the company had been alerted to the problem.

I called the company back, getting a different “live” person this time. I told her I’d called nearly an hour before and had given my phone number and a summary of the situation to whomever answered the phone there. I explained the situation and she said she was sorry for the inconvenience, but she didn’t know how they could stop it since all that stuff was computerized. She was sorry no one had helped me with my problem. I told her I’d fixed MY own problem, by accepting the fax to make it stop redialing.

I said that she, and her company, could deal with THEIR problem once my official complaint had been filed.

I told her that typing in the number I had given the first lady should have been enough to pull up the send order, I also told her that I was sorry that they had not been able to stop the fax, but that I had. I told her I’d gone to a great deal of trouble to back-track the number, research the company on the internet and try multiple numbers before finding a live person to request that the faxing cease. I also told her that I felt that the authorities, especially HIPAA, would probably be interested in the fact that I now had a lady’s full name, her social security number, her birth date, her prescription information, her doctor’s name, and her pharmacy’s name.

Suddenly, she was ready to help me. If I would just give her my name and my phone number, she would see what she could do. She asked if I wanted to send her the fax and she would look into my problem. She was so helpful at that point!

She seemed upset. Go figure.

I declined her help at that time, told her if she wanted my number she could check with whomever was on duty an hour ago when I left that information with the person answering the same number she just did. She said the night shift had left already.

Hmmm. One would think there would be a note left, or a mention made about something like this, wouldn’t one??

I told her that I’d gone to a great deal of trouble to prevent this delivery, and that it didn’t bother me if they had to dig some to locate the problem, or they could wait for the official report.

And THIS is why I protect my own information. THIS is why I hesitate to give out any information even to known sources that is more than they are legally permitted to require. THIS is why I take an interest in privacy issues both on and offline. And the real kicker?? The lady is local, her number (with her physical address) is in the phonebook I keep on my desk. So, if I were a “bandit” instead of a privacy advocate – I’d have everything I needed right about now to make this woman’s life unbearable for months, maybe even years to come.

Just FYI… the number to make a formal complain to the HHS on medical privacy issues is 866-627-7748, if anyone else out there is getting frustrated with the way that personal information flies about in the age of identity theft. Web address is:

Personally, I have to go make a phone call now. I’m going to file a complaint, then contact the doctor and the pharmacy to let them know what has happened. As far as the individual is concerned- I’m not sure this lady would understand the impact of what might have happened, and she might just think me a prank caller.

Personally, I’d want to know, but I’m not sure others would want their little world rocked. I’ve consulted with my mother on the issue (the lady is near my mother’s age) and she said that most people don’t want to know such things; it would only be unnecessarily upsetting.

So, I’ll do the “official” route, under her advisement. But, if it were me, I’d want to know.

For everyone else out there – don’t give out any more info than you must, protect your privacy and ensure that the companies you do business with respect and protect your privacy too.