Does this seem kind of weird? (medical records)

I just called a lab that I’ve been to once several months ago and asked for the results of a blood test to be sent to me. All they did was ask for my name, I told them, and they told ME my birthdate and address and asked if they were correct, and would have mailed or faxed my records anywhere I wanted.

I was expecting to have to confirm my identity at least a little bit. I guess anyone who knows someone’s full name and that they’ve ever used that lab could just call up and request their results with no problem (plus get their address and DOB). If anyone wants the results of my thyroid test, knock yourself out, but obviously people want to keep some test results private and I just thought it was strange that they made it so easy to get. Is that how it normally works?

http://www.healthinfolaw.org/comparative-analysis/individual-access-medical-records-50-state-comparison These are the laws by state. Some require signed authorization and other proof, some do not.

I didn’t see anything in that link about having to provide authorization or proof, it seemed to mostly be about how long the provider has to give the records.

Even if it wasn’t a matter of law, just as a company policy you would think they’d at least ask for things like DOB and address instead of telling them to the caller. They made me show ID before I got the blood draw, so giving out the results so freely doesn’t seem to go with that.

That happens at my clinic too. I give them my name, and they tell me my DOB, address, and phone, and ask if the info is correct.

Something similar happens when voting. I’m a poll worker, and our instructions are to ask the voter’s name, then ask them "Is your birthday month/date? Seems more logical to get the voter to give the info, but nope.

I once needed to change my PIN on my BOA debit card, I knew I’d need ID so I made sure to bring it.

Went in and told the clerk I needed to change my PIN, she said have a seat and took my card. She typed for a bit then said here type your new PIN and handed me the keyboard over the desk and I did so. Then she said ok you’re good to go and handed me my card.

It was only later that I realized SHE NEVER ASKED FOR ID! I could have found a debit card on the street and gone in and got it repinned lol.

I don’t care about all the possibles, the state differences, nothing. I want THEM to state the info that I may confirm. Even though I’d ask why for each item.

Did you call from the phone number they have on record? They may have caller ID and between that and your name, that gives them two pieces of ID and enough to rule out any other Blackberry they have on file.

If you want to do an experiment, wait a week or two and call back for the same records. But call from a totally unrelated phone number, one that you’re totally 100% sure you’ve never called them or put down on any form that’s at all affiliated with them or their group. Then see if they ask for more then just your name. Maybe use a friend’s cell phone.

Blackberry, you have to click on the laws contained in the box next to your state. That will show the particulars regarding the need for signed authorization etc. For example CO: A discharged patient may inspect or obtain a copy of his or her medical record after submitting a signed and dated request to the facility.

Note also, if they told you some of your personal details and asked you to confirm, and you said that was wrong, then they might want to ask some more detailed questions before sending stuff out.

In particular, if you asked them to send stuff to an address different than what is already on their records, I would hope they would balk a little at that.

Similarly, if they asked for her address (for where to send it or ‘to confirm it’) or even said "and we’re sending it to your home on 5th st in Seattle, right? Any of those, along with your name could be considered enough ID for them*.

At the very least, if the results are being mailed to the address on your file, even if some random person called and requested them, they would still get mailed to you. Yes, that person could then go and check you mail everyday, but a determined enough person could probably come up with whatever ID they needed to get the results mailed/emailed/faxed wherever they wanted them sent.
*Also, like I said earlier, they may also have her Caller ID information and matched that against her phone number on file as well.

I’d think it was protected health information and would require a release under HIPAA if not going to another health care provider in order to coordinate care.

ETA: I’d be less concerned about stranger danger and moreso about an ex who still has a mailbox key, for example.

It’s possible that they could have seen my number on Caller ID but I almost always put my cell number down, and I called on my home phone, so probably not. I really got the feeling they would have sent it anywhere I asked without any scrutiny. Fine with me, I was actually glad I didn’t have to go pick it up in person or anything and I’m not too worried about the paparazzi getting ahold of this, but I just thought it was weird.

Yep, I got a bank account restarted, the teller had to make a call and I heard her say
“He has his passport as ID”. BUT , she never looked at my passport, actually.

Joint Commission accredits (many) hospitals and labs, and specifically requires TWO patient identifiers, and telephone number is one of them.

http://www.jointcommission.org/mobile/standards_information/jcfaqdetails.aspx?StandardsFAQId=145&StandardsFAQChapterId=77

However, I will say that labs in particular tend to be very generous with their communication. I’ve had plenty of them willing to send me results without a Release of Information on my patients, when I’m calling from my personal cell phone and ask them to send it to my FAX machine in my dining room. Makes things easy for me, but does make me shake my head for my patient’s privacy.

Pharmacies, however, are a bitch to get information from, even with all the proper forms and dotted i’s.