Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

OK. I guess I don't care. I don't feel harmed by someone (1) knowing that I went to the practice and/or (2) sending me emails from their new company. Everyone who is talking about a class action suit needs to get a life. Seriously. You will gain nothing and she may what...get a fine? If that?

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

OK. I guess I don't care. I don't feel harmed by someone (1) knowing that I went to the practice and/or (2) sending me emails from their new company. Everyone who is talking about a class action suit needs to get a life. Seriously. You will gain nothing and she may what...get a fine? If that?

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

OK. I guess I don't care. I don't feel harmed by someone (1) knowing that I went to the practice and/or (2) sending me emails from their new company. Everyone who is talking about a class action suit needs to get a life. Seriously. You will gain nothing and she may what...get a fine? If that?

You may not care about your personal information being shared unlawfully but clearly others do. Frankly, I'm surprised you don't care that your doctor is willfully choosing to disregard the law.

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:Demographic information without any accompanying health information is not protected under HIPAA. Whether she violated her employment or non-compete contract is another question that no one here can answer without a copy of that contract. But I’m guessing since she’s married to Eric Holder, she knows exactly what she can do under the terms of her contract.

https://www.hipaajournal.com/is-it-a-hipaa-violation-to-email-patient-names/

Patient names (first and last name or last name and initial) are one of the 18 identifiers classed as protected health information (PHI) in the HIPAA Privacy Rule.

*******

Patients names and other PHI should only be sent to individuals authorized to receive that information, so care must be taken to ensure the email is addressed correctly. Sending an email containing PHI to an incorrect recipient would be an unauthorized disclosure and a violation of HIPAA.

https://www.hipaajournal.com/considered-phi-hipaa/

Therefore, PHI includes health records, health histories, lab test results, and medical bills. Essentially, all health information is considered PHI when it includes individual HIPAA identifiers. Demographic information is also considered PHI under HIPAA Rules, as are many common identifiers such as patient names, Social Security numbers, Driver’s license numbers, insurance details, and birth dates, that when they are linked with health information become HIPAA identifiers.
The 18 HIPAA identifiers that make health information PHI are:
Names
Dates, except year
Telephone numbers
Geographic data
FAX numbers
Social Security numbers
Email addresses
Medical record numbers
Account numbers
Health plan beneficiary numbers
Certificate/license numbers
Vehicle identifiers and serial numbers including license plates
Web URLs
Device identifiers and serial numbers
Internet protocol addresses
Full face photos and comparable images
Biometric identifiers (i.e. retinal scan, fingerprints)
Any unique identifying number or code
One or more of these HIPAA identifiers turns health information into PHI, and PHI HIPAA Privacy Rule restrictions will then apply which limit uses and disclosures of the information. HIPAA covered entities and their business associates will also need to ensure appropriate technical, physical, and administrative safeguards are implemented to ensure the confidentiality, integrity, and availability of PHI as stipulated in the HIPAA Security Rule.

Thank you.

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

OK. I guess I don't care. I don't feel harmed by someone (1) knowing that I went to the practice and/or (2) sending me emails from their new company. Everyone who is talking about a class action suit needs to get a life. Seriously. You will gain nothing and she may what...get a fine? If that?

You may not care about your personal information being shared unlawfully but clearly others do. Frankly, I'm surprised you don't care that your doctor is willfully choosing to disregard the law.

+1

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I dunno. If I have a doctor, my relationship is with them, not the firm. I appreciate knowing where they land.

+1 That’s how it works for lawyers.

She should send out a letter to clients *before* she leaves, telling them where she is going.

Also, *her* clients, not the whole practice’s list.

There are ways to do this properly. Stealing data is not it.

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

OK. I guess I don't care. I don't feel harmed by someone (1) knowing that I went to the practice and/or (2) sending me emails from their new company. Everyone who is talking about a class action suit needs to get a life. Seriously. You will gain nothing and she may what...get a fine? If that?

You may not care about your personal information being shared unlawfully but clearly others do. Frankly, I'm surprised you don't care that your doctor is willfully choosing to disregard the law.

+1

1. Doesn't sound like it is actually unlawful - and even if it was, it effects you negatively not one one bit. I hate to use the term, but thread sounds Karen-esque. 2. She's not at the practice anymore so she is not anyone's doctor...so again, it feels like you want her punished just because...why exactly? What will you gain? And if there is something you would gain, you need help. Look within.

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:I don’t know. Even if we assume the worst, that she knowingly violated HIPAA (which I don’t assume) I still don’t see the actual harm to any of the patients violated, myself being one of them.

This is not like signing up for the pottery barn website and getting all of their other catalogs.
Think about it this way -
You shared your personal information with a Drs practice so they can support you. You disclose private information so that they can provide the best care.
You share with the expectation that the drs are not selling the list to another company. Well this is in essence what she did. She knew when she was taking the information. Drs are fully aware that they do not take this information when they leave a practice - it is not some nuanced thing.

OK. I guess I don't care. I don't feel harmed by someone (1) knowing that I went to the practice and/or (2) sending me emails from their new company. Everyone who is talking about a class action suit needs to get a life. Seriously. You will gain nothing and she may what...get a fine? If that?

You may not care about your personal information being shared unlawfully but clearly others do. Frankly, I'm surprised you don't care that your doctor is willfully choosing to disregard the law.

+1

1. Doesn't sound like it is actually unlawful - and even if it was, it effects you negatively not one one bit. I hate to use the term, but thread sounds Karen-esque. 2. She's not at the practice anymore so she is not anyone's doctor...so again, it feels like you want her punished just because...why exactly? What will you gain? And if there is something you would gain, you need help. Look within.

Way to go with the misogyny! She was cavalier and careless with former patients’ and her former colleagues’ patients’ information and broke the law. I want to know my information is no longer in the hands of a company that had no right to it in the first place. I want to know what the practice is doing to prevent this from happening at the practice again. She should at the very least be fined and the occurrence recorded by the Medical Board in the state she is licensed. An apology would be nice, but I am not holding my breath.