Bonus points to the OP for spelling HIPAA correctly.
Mocking derision towards all who spelled it “HIPPA”.
HIPPA, HIPA, and HIPPO are very common mistakes. I encounter them so often I ignore it. It’s YAFLA.
What was said above.
Step 1: Get written documentation from Walmart that her prescription was grounds for denial of her claim.
Step 2: File with HHS for the HIPAA violation.
I’ve paid at the front of the store before. But that was a really long time ago (certainly before HIPAA), so I’m fuzzy on the details. I’m pretty sure the store was CVS.
Is the OP seriously giving creedence to this story his mother told him, after all of the wild ass stories he has described of her sending him on wild goose chases of wanting to sue this person or the next?
Sounds like she was expecting her $5 gift card, didn’t get it and want’s you to take care of it.
(shrug) I was referring to Walmart in my post. Not sure about other places, since I rarely get prescriptions. Considering that one of mine was for Vicodin (seriously abscessed tooth, OTC was doing squat for pain and I was already taking as much ibuprofen as the prescription strength she wanted to give me), could also have had something to do with what I was getting.
Don’t worry about a lawyer, just get the media involved. Easy money - and frankly the behaviour of Walmart IF THIS STORY IS ACCURATE AND FAIRLY COMPLETE has been disgusting here.
For clarification, here is the link to the portion of the HIPAA law regarding business associates:
The relevant text of interest is (bolding mine):
“Business associate functions and activities include: claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing. Business associate services are: legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial. See the definition of “business associate” at 45 CFR 160.103.”
I would argue that loss prevention could be classified as a QA, legal, and/or consulting role. Or it could administrative or financial as well.
The Walmart Pharmacy Notice of Privacy Practices can be found here: http://i.walmart.com/i/if/hmp/fusion/pharmPrivacy_english_2005.pdf
It does not mention business associates, so I must be wrong about the requirement that you have to mention those in your notice (it’s been close to 10 years since I did HIPAA consulting). That said, Walmart definitely uses business associates of some kind as I’m sure as big as they are, they still don’t do their own claims processing and use an outside clearinghouse for all their collected medical data as no normal non-medical company would want to have the headache of dealing with that.
I used to do consulting under HIPAA too. What you say is true but I don’t think the greater point is. Business associates do have access to some HIPAA data to do the parts of their jobs needed for health care facilitation and practice. However, that doesn’t mean that business associates can do whatever they want with that information even if they can see it. Using medical information against a customer by loss prevention or management would be something HIPAA specifically protects against even if they are allowed to see some of that information to do other parts of their job.
Why did she believe she was getting a gift certificate in the first place?
This is a little off topic, but it shocks me that we have these really strict HIPAA rules for most of the health care system, but if someone calls 911 for medical help it’s apparently legal to give a recording of the call to the press so people can listen to it for entertainment. I’ve brought that up here and people say things like “you’re using public resources, the public has a right to know what their emergency services are doing,” but by that logic any woman on Medicaid should have her gynecological exams posted on Youtube for the public to gawk at.
I’ve seen those, but not on Youtube. And some of them were Eastern European women.
I don’t think that the recordings of 911 calls I’ve heard involve any private information.
And what would they do if that happened with a customer who didn’t get prescriptions from Wal-mart? Wouldn’t they need a subpeona or something to get your records, meaning they would need a court order? Why do they get a pass on that because their pharmacy gives you meds?
I thought the point of HIPAA was that the information itself was private, which means people are not supposed to know the information without your permission. Ergo, the Privacy Statements that they are required to inform you who will have access, and the clauses about “written permission” with regards to anyone else not listed.
Unless Loss Prevention is investigating you stealing medications, they do not seem to have need to know what meds you may be taking, whether or not you fill them from Wal-mart.
Let’s review the claim as stated:
Lady: “Ouch, there’s a crack that I tripped on. That’s a safety hazard, you need to fix it.”
Manager: “Let me see about getting you a gift certificate. Give me inappropriate information, and you’ll be contacted.”
Loss Prevention: “We see here that you are taking meds X, which is typically given for diabetes, which often has vision symptoms. Ergo, you won’t be getting a gift certificate.”
I didn’t ask for the damn gift certificate, I pointed out there’s a tripping hazard in your parking lot.
Um, me? I do know I have complained, for instance, that the landscaping in the parking lot consisted of 6 ft + high bushy grass in the medians, which pose a significant vision impairment when navigating the parking lot. Fat lot of good that did, they said “Oh, we don’t own the parking lot, we just lease the building.”
Yeah, but people don’t see it as “random parking lot next to Walmart”, they see it as “Walmart parking lot”. And it is a safety hazard, regardless of who actually owns it. I would think if that’s your place of business you would have a legitimate interest in discussing with the owner from whom you lease regarding the safety.
But Loss Prevention sure is eager to tell me they aren’t at fault, so that I won’t sue them. :rolleyes: Fact is, I was much more inclined to sue them because they gave me the brush off. If I had been inclined to sue (and actually had grounds - being a patron might not be grounds without actually having an accident, I don’t know), that dismissal would have made me more inclined to press the issue. Whether or not the suit went anywhere, the publicity would have hurt Walmart’s reputation a lot worse than any settlement that I didn’t even want. (No, I didn’t sue. I just grumbled and went elsewhere.)
Shagnasty - you may be right, but I wonder if loss prevention may be a function of a larger group that maybe has a more ‘legitimate’ reason for accessing the medical records. This is completely hypothetical, as I have no idea how a Walmart works, but if I am in charge of managing inventory of the pharmacy, which might include shrinkage issues, I might have access to the records as a business associate. I have to believe anytime you have narcotics and a patient population that tends to be lower income, you have a higher percentage of addicts, thieves, etc., and you most likely have very detailed records on where every pill goes.
Now, lady trips on a crack, and reports her name to the greeter. Greeter reports it to the Manager, who reports it to this hypothetical group in charge of security/loss prevention/inventory for the store. Standard unwritten protocol is probably “assume it’s a scam, and look for evidence to support that theory, then contact the person to talk them out of a potential lawsuit”. It does strike me as unethical, but I’m still not sure it’s illegal if they have a more legitimate reason to access the information for other purposes. Either way, if I know Government offices like Health and Human Services, I’m sure it is very difficult to get them motivated to investigate a hearsay argument from a random customer against Walmart as I doubt it happens often enough to be noticed and is likely not a written policy of the pharmacy.
Regarding the 911 calls, I agree that this should be considered private information. If I have to worry that someone is going to get ahold of the tape of my call, and I’m calling about someone famous/powerful/involved in some legal action, I may downplay it. Now what if the drug overdose/heart attack gets downplayed to the point it isn’t given enough priority by the 911 dispatcher and the patient dies as a result? I have to imagine we’ll be seeing this play out with some celebrity in the future because their assistant is more worried at the time about TMZ getting the tapes then the death of their celebrity employer.
IANADispatcher but I was an EMT.
Dispatchers here have a fairly detailed flowchart of yes/no questions to ask like:
Is he breathing
Is he awake
do you see any blood or other injuries
etc, etc
the flowchart pretty much gives you a baseline criteria of if questions 1-4 are all the positive sign then this is not a life threatening situation, roll ambulance but no lights/sirens. If you say “not breathing” next question does not matter, alert hot seat dispatcher* of high priority call and start on intervention instructions with caller.
- the person who is actually talking to the ambulance crews on the radio as opposed to the ones answering the 911 calls.
Also those radio calls are often in the clear, no encryption, you can listen in with a scanner.
drachillix - Agreed that the calls are unencrypted and could be intercepted by scanner, but unless a paparazzi is so desperate for a lead that they are standing around listing to their scanner 24/7 and recording it, they are unlikely to pick up that specific call. It’s no different then if the celebrity/famous person is wheeled into the emergency room and someone sees them when they are brought in and alerts TMZ. It’s possible but of minimal risk.
The point is that they are able to get the calls after the fact through whatever Freedom of Information Act or other legal means allows them to uncover it, even though that call, in my opinion, contains protected health information and should not be considered releasable. Meanwhile, every assistant to those celebrities probably treats the call as if the TMZ people are effectively conferenced in, so they may be reluctant to provide details that will make the person look weak, out of control, fat, etc., even if they know it.
Forgot the famous people too. If I’m at my buddy’s house and I know he is in the middle of a bitter divorce which causes him to get stressed out, drinks too much, and then gets alcohol poisoning, I should not have to worry that his wife’s lawyer gets to find out that private information and use it against him to get custody of his kids. Indeed, maybe the whole reason he drank so much was because of her, and this was a one time occurrence. In court, however, all the judge is going to hear is my frantic 911 call that makes him seem like he’s completely irresponsible as a father, and they’ll be wondering “So does he drink himself into unconsciousness all the time, and this is just the one time he got caught?”
Yeah, I’m curious about this myself.
WM Associate: “Oh, Mrs. Smith broke her leg in the parking lot through our negligence? Well, trot her down to Housewares-we have some lovely Home and Garden spatulas today. For her, no charge!”
I agree, there’s something fuzzy in the description
A: “Hey, I tripped on this crack!”
B: “Let me get the manager.”
C: Why don’t we see about getting you a gift certificate?"
Seems an odd play of events that way. Now maybe it went a little more like this.
A: “Hey, I tripped on this crack, and I’m considering doing something about that.”
B: “Let me get the manager.”
A: “You’d better. Abusing your customers, this is outrageous.”
C: “That’s a small crack, but you say you tripped?”
A: “Yes, and Walmart is shameful.”
C: “I’m sorry you were injured, maybe I can get you a gift certificate to make it up?”
A: “You’d better!”
C: “Yo, Loss Prevention, we got another on aisle 4.”
It just seems odd that they would jump to a gift certificate, and not fill out an incident report to submit for safety review.
It seems odd they would ask for her SSN. Why would she give them that?
I recall some of the audio of the 911 call from Michael Jackson’s doctor made. He names the drugs that were present when he claims he discovered Michael. The audio I heard was not “bleeped”, so I got to hear what Michael was taking at the time of his death.