I hate Twitter, but I did just go there to read her tweets. What is happening with her? |
Just looked at her Twitter.
There is nothing whatsoever “bizarre” about her tweets. This is a calculated attack. |
I received the letter as a current patient of Foxhall and a former patient of hers. What do you mean by “calculated attack”? The letter was pretty straightforward, didn’t overstate or understate the situation. I have mixed feelings about it (like incredulous how the entire practice and individual doctors found themselves in this position right now!) but I’m not sure what you’re talking about with “calculated attack”? |
I've been a patient of Foxhall for 14 years and haven't received any letters or emails. I only saw this doctor once when pregnant, and once during rounds when I was recovering in the hospital, which was about ten years ago. I am just hitting menopause so I would think I'd be within her target audience...but no letter for me. |
That's correct, but a question here -- among many questions -- is whether emails and insurance constitute client "records" under HIPAA. |
HIPAA is not an entity, and therefore cannot investigate anything. But I appreciate that you spelled it correctly. |
I wish there was a way to forward this entire thread to the Twitter account @BadLegalTakes. |
There's zero chance this was an oversight. Anyone practicing medicine knows you can never do what she did.
Her patients will have to decide if they're cool with her toting their personal info around with her home computer. |
Demographic information without any accompanying health information is not protected under HIPAA. Whether she violated her employment or non-compete contract is another question that no one here can answer without a copy of that contract. But I’m guessing since she’s married to Eric Holder, she knows exactly what she can do under the terms of her contract. |
She took each person’s name, email, and health insurance provider. The letter referenced HIPAA in the opening paragraph. |
I'm really surprised given her education and experience which I would assume would mean she has some good critical thinking skills, and who her DH is, that she would do this. That said, I never received a letter from Foxhall so no idea what it says. I did however get a random email from her about now being with Alloy. |
I am a current Foxhall patient but have not received “The Letter”. While annoying, why is this a big deal? I receive 628383 marketing emails every day from organizations to which I did not provide my contact information. Companies sell that information all of the time. What am I missing here? |
Agree ignorance is no excuse & the practice should have better safeguards. I work at a law firm that has other lawyers that handle medical records as part of their practice, and *I* had to have HIPAA training and learn about the computer & information safeguards that are necessary to avoid unauthorized access to information. For that matter, the forms they have patients sign explain the law. |
I feel this way too. Also a Foxhall patient who got the letter. The list did not contain private health info, only names and insurance company list. |
https://www.hipaajournal.com/is-it-a-hipaa-violation-to-email-patient-names/

Patient names (first and last name or last name and initial) are one of the 18 identifiers classed as protected health information (PHI) in the HIPAA Privacy Rule.

*******

Patients names and other PHI should only be sent to individuals authorized to receive that information, so care must be taken to ensure the email is addressed correctly. Sending an email containing PHI to an incorrect recipient would be an unauthorized disclosure and a violation of HIPAA.

https://www.hipaajournal.com/considered-phi-hipaa/

Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual HIPAA identifiers. Demographic information is also considered PHI under HIPAA Rules, as are many common identifiers such as patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates, that when they are linked with health information become HIPAA identifiers.

The 18 HIPAA identifiers that make health information PHI are:

Names
Dates, except year
Telephone numbers
Geographic data
FAX numbers
Social Security numbers
Email addresses
Medical record numbers
Account numbers
Health plan beneficiary numbers
Certificate/license numbers
Vehicle identifiers and serial numbers including license plates
Web URLs
Device identifiers and serial numbers
Internet protocol addresses
Full face photos and comparable images
Biometric identifiers (i.e. retinal scan, fingerprints)
Any unique identifying number or code

One or more of these HIPAA identifiers turns health information into PHI, and PHI HIPAA Privacy Rule restrictions will then apply which limit uses and disclosures of the information.
HIPAA covered entities and their business associates will also need to ensure appropriate technical, physical, and administrative safeguards are implemented to ensure the confidentiality, integrity, and availability of PHI as stipulated in the HIPAA Security Rule. |