Comment by edwhitesell
7 years ago
Could be worse. I recently called my doctor for a refill on a prescription, left a message for the nurse. Before I received a call back, I got a text message from GoodRX with a link about the medication, following the link (I anonymized it) took me to a page about the medication and advertising about where I could get it for the best price.
Of course, this made no sense to me, as I deny sharing of my medical information with anyone. So I contacted the office, went through a couple of phone trees and spoke with a few different people. None of them could see the issue with what happened. Then I explained a phone number is PII, and tying it to a medication seemed like a significant HIPPA issue.
Then things changed, it took a few hours to hear the whole story where a pharmaceutical rep had apparently told the nurses/office staff about this great way to get prescription drug information to patents by simply entering the medication and the patient's phone number in an App...
I’ve been told this is rectified, but the reality is I wish there was more I could do. I can’t imagine how many patients have been affected by this and thought nothing of it.
I feared this story would end with some version of "no one could tell me how I received this message". So, I suppose it's heartening to hear that you were able to resolve it, and relatively quickly.
But, I do think that's where we're headed fast: with so many interconnections, "affiliate" side-deals, opt-out limitations, etc., we'll soon not be able to manage the byzantine trail of entities that have access to our data in a given scenario. Our efforts to even understand who has our data and how, let alone control access, will be near-useless.