Comments: Information Technology meets Medical: Why We Should All Be a Little Worried


They seem to break every privacy rule I can think of, and probably some I don't know. I don't know if HIPAA applies to smaller practices, but at the very least, they seem unusually inefficient. Maybe you should suggest they use the records systems from Google or Microsoft? I can't personally recommend them as a user, because I haven't used them. But I have talked to CIOs at hospital companies that have approved them for use with patients.


Posted by Michael Fitzgerald at January 15, 2010 07:41 AM

Mary, I feel your pain. Sometimes I fell like I'm talking into the wind on things like this. It's maddening that people write you off because "no one else" has complained. Makes you feel sort of "bad," "angry" or in need of a true medical professional.

What's hard about this situation is the mix of getting good medical care (hard to find these days) with a the notion of 21st century privacy. Good doctor? Good privacy? Which one should I choose? Of course, we deserve both.

BTW, I *never* give out my SSN to anyone. I don't care if they ask for it or require me to use it. To them my SSN# is N/A.

Posted by Jeff at January 15, 2010 07:56 AM

Agreed.. GGObgyn is governed by HIPAA rules but I think smaller medical offices are sort of off the radar of government agencies who might patrol this issue.. in fact the CVS example on the FTC site was a huge example.. that's what makes the FTCs radar.

Unfortunately, it's us who need to be vigilante and let providers know they aren't doing a good job.. and here I am doing that and frankly, the Dr.s office staff just finds this "a waste of time" according to the office manager.. who presumably oversees their HIPAA compliance.

It is incredibly frustrating. My Dr. (Donna Wiggins) is fantastic, and the medical group's office staff is incompetent because they can't understand patient needs (like privacy of their medical and personal data) or their own website or information technology generally.


Posted by mary hodder at January 15, 2010 08:29 AM

I should think (naively, I'm sure) that one strongly-worded complaint using "HIPPA" in every sentence would strike the fear of -- well, of the govt -- into Medfusion, since they are in the health records *business.* If not into GGObgyn.

Posted by NVH at January 16, 2010 09:11 AM

You could write them a letter, and mail it.

Posted by Kerri at January 21, 2010 10:18 AM

Hi Kerri,
Yes.. you are right. I could write Golden Gate OBGYN a letter and mail it to them about their website & privacy policy which is missing their own contact information, but which they reference in that privacy policy as being there. Along with the other site issues.

I can say that that's never going to happen. But I *could* do it.

Instead, I printed all the pages out from GGObgyn, and marked them up, and I'll bring those to my appointment in a few weeks. I think the doctor, who is otherwise fantastic, should know that her staff and her website aren't doing so well representing her.


Posted by Mary Hodder at January 21, 2010 10:26 AM

Sounds like you are exaggerating quite a bit. This is your side of a very frustrating circumstance. I am sure you put quite a spin on it to make yourself seem wronged. I am certain you will not post this on your site. You seem a little full of yourself..

Posted by at January 28, 2010 08:31 AM

Hi Anonymous,
Thanks for your comment.

I don't think a medical site, which requests very personal information, but doesn't post a privacy policy, needs any "spin" from me to make it clear to readers that it's a worrisome circumstance. Nor the statements made by GGOBGYN.

There was no exaggeration about what they provide or said to me on the phone. I actually took notes during the interaction.. because after a few minutes, it became clear that my health and personal data (like SS # coupled with address, phone, and other information perfect for identity theft, and other painful misuses) were not protected by GGOBGYN or Medfusion.

So my retelling above is literally what occurred in order based upon my notes of exact quotes from the conversations.

I was however dismayed by the fact (from a usability perspective) that GGOBGYN would have users do all this personal data entry in order to get a "glorified" email form. Yes.. my reaction was stated with some exaggerated emotion, because from a user perspective, GGOBGYN is WASTING MY TIME AND EVERYONE ELSE'S with a circa 1997 email form.

Can you tell me what else you think I'm exaggerating (based upon what information in the post)?

The main point, which the title notes, is that my medical data was not covered by a privacy policy at the time I interacted with the system, there was no contact information, and when I called GGOBGYN they said they "didn't have time" to deal with the privacy problems of their website.

Also.. would you care to share your name? By leaving yourself Anonymous, I'm thinking you may be associated with GGOBGYN and taking offense at my relating the story.


Posted by Mary Hodder at January 28, 2010 09:07 AM