The Company That HIPAA forgot

hipaa

As a lot of you know I was unemployed for most of 2014. Back in November I was offered a job in a pharmaceutical call center and I took it. I figured with my experience in the healthcare field this job will be a piece of cake.

When my training class started the company emphasized how important to them HIPAA was. For those of you who may not know HIPAA stands for the Health Insurance Portability and Accountability Act. In a nutshell it’s the federal law that protects your private personal health information. If an individual provider or practice or corporation is caught violating HIPAA guidelines hefty fines and jail sentences can be imposed. In my career I’ve been dealing with HIPAA for a while now and understood the gravity of the position my new employer was taking.

For example we were not allowed to have our cell phones out on the call center floor due to fear of someone using it to steal personal information. That’s understandable. I’ve worked at a couple of companies that had similar policies. Then we were told that we could have no pens or paper on the floor so no one could write any personal information down. Instead we were given small white boards and dry erase markers. I thought that was a little extreme since sometimes you have to write things down in order to assist the patient or customer with their request. In other offices there were bins that we dumped all our paper in at the end if the day that would eventually be shredded. But again, I sort of understood where they were coming from. Finally we were told we could have no bags on the floor. No backpacks or purse or what have you. If you absolutely had to bring belonging out on to the floor they had to be in some form of transparent bag. To me this was a little more than extreme so I did some research and found out that the company was fined heavily by the government when one of its former employees was caught stealing and selling personal health information. At that point I assumed that they were just covering all their bases when it came to HIPAA. Then we started taking calls.

During our first week on the call center floor my training class was not authorized to take calls because of an IT snafu so we listened in on the calls of another class who started the same time we did. In the past I may have said that HIPAA was an answer to a question that no one asked but it’s been the law of the land for the while now. You wouldn’t have been able to tell with the calls I heard. The CSR’s were giving out all sorts of personal information to parties that should have not had that kind of access. They weren’t doing it maliciously but no trainer, coach or supervisor was correcting them. When I asked a higher-up about it I was basically told that the new hires have 30 days on the floor before they start cracking down on things like that? That may be great for the new hires but they’re talking to real patients who have real medical needs whose real personal information was being given to unauthorized parties with no repercussions.

Shortly into the 2nd week of being on the call center floor I walked out. I wish I could say it was all due to the flagrant violation of federal privacy laws but it was a rather large part of it. The really sad part is a lot of customers of this company have no idea that their information is being given out so freely.

3 Replies to “The Company That HIPAA forgot”

  1. I think I once accidentally violated HIPAA. People sometimes put the wrong numbers on their paperwork. I sent it back requesting the correct info and wrote that number was for a certain individual (which I idiotically named), and not the one on the paperwork. It was right when I started. I also didn’t know there were insurance agents and would send paperwork right back to them thinking they were patients. lol.

Leave a Reply