"Why?", you are obviously asking yourself at this point. "Why would the CHEESE be issuing such a warning on a sleepy and rainy Saturday morn?" "Well, just sit right back and you'll hear a tale...a tale of a faithful trip. That started from this tropic port...aboard this tiny ship."
WAIT!?! I seem to be stuck now in 70's TV shows!!! Back to the point...being afraid. Or, at the very least, CAUTIOUS. On the Internet and with your personal health care information. Now, let me weave my tale of intrigue and espionage. All right. Hopefully INTRIGUE. Because EVERYTHING I'm about to tell you was LEGALLY obtained without any clandestine act. And the manner in which I obtained it lies right beneath your fingertips.
Y'all recall my recent "upset" (hehe...that's putting it mildly!) with Club Med & the Tysabri Issue? Well, I haven't posted much more information about this because I have been allowing Club Med ample time to make necessary "adjustments" I tasked them with in a follow up email letter shortly after my meeting with the *heads of state*...or, enough time to hang themselves with ample rope. Either way, here is an excerpt of my follow up email/letter I sent after the meeting:
**Specific issues raised concerning confidentiality/HIPAA as well as providing direct patient care and accuracy of information to patients will be discussed with departments/employees involved in these concerns.
This was listed in a recap of what we had discussed and what Club Med PROMISED to follow up on. I have not shared THIS part of my Tysabri debacle because it didn't really relate as much to the Tysabri issue itself, but more to the Health Care Delivery System failure that has/is occurring. But, hey...gloves are coming off as I prepare my next and perhaps FINAL letter to Club Med about the Tysabri issue(s)! (So, Club Med...if you are reading this, and YOU know who YOU are!...a follow up letter is a comin' 'round the bend.) Here is the condensed version of just one of MANY issues that happened at Club Med while getting my 7/29/08 infusion:
I was asked to register at the main registration area for my Tysabri infusion. I approached the desk and was greeted by a pleasant enough woman, who asked for my name. Because I already know the Club Med system has more than ONE of me with my exact name (different date of birth, however), I quickly rattled off my date of birth and the last four digits of my social security number...because I KNEW she was going to ask for this anyway. And this is where my interaction got "funky".
The registration lady looks in her computer and asks me, "Are you any relation to HD?" (This person has the same last name as I do in their computer system and is a male)
"Ah, no", I say rather dumbfoundedly, wondering why I am even being asked this question by a total stranger.
"Oh. I thought maybe you were twins with HD because you have the exact same birth date and he is also having a procedure done at Club Med at 1:00PM today", the registration lady says without a care in the world.
One could have heard a pin drop during the deafening silence as I stood perplexed and STARING at this complete imbecile. Did she REALLY say what I just think she said??? Did she REALLY just release this man's private health care information (HIPAA) to me without so much as a THOUGHT that this violates a federal law as well as potentially gets her a$$ fired?!? Yep, she did.
"No", I say with a look of absolute horror and complete awe. "No. We are not twins and I am NOT related to ANYONE in your computer data base."
And thus begins the continued tale of "fear" I am about to tell. I advised the *heads of state* of Club Med of this issue (among others), more to lord it over their heads in hopes the "fear" of serious federal fines might "encourage" them to listen more closely to what I had to say. They assured me of the above red paragraph: "a re-education of employees regarding HIPAA would occur". Somehow, I doubt that. Seeing as how they have YET to send ME the letter they also promised from the Neuro Clinic where I see Dr. SWWNBN...something ELSE they promised:
**"CLUB MED" will be notifying their Tysabri patients in writing with exact costs or clear estimates of what the patient/their insurance agencies can expect to be billed by "CLUB MED" for the delivery of Tysabri medication at the Hospital's ambulatory infusion center. I can also personally expect this information be provided to me as soon as possible so I may have informed consent in my medical treatment choices without further unreasonable delay.
Yeah right...I can see they got "right on that"! LOL
Soooooo...my NEXT and possibly FINAL letter to Club Med (before I take action on contacting all of the regulatory boards, insurance company, my employer, the newspaper, AND the federal agency that regulates HIPAA) that I have been composing will include exactly WHAT can happen when a health care organization releases private HIPAA-protected information on their patients. And, I'm going to demonstrate to YOU, dear CHEESE reader, just how vulnerable YOU can be on the Internet with just your last name and date of birth!
I obviously HAVE the first and last name of "HD", the other Club Med patient, as well as his date of birth. This is WHY I only sign my name as "Linda D." on all correspondence (unless family or someone who already knows me HAS this information) and you only know my birth date falls in July "sometime". This is also why I maintain a Post Office Mail Box address as my primary mailing contact, my phone is unlisted and unpublished, and unless you know me REALLY well, you've never been to my house!
The above paranoia actually comes from being stalked by a former client while leaving Houston and moving to Seattle. At one point, I even had my driver's license address listed as my post office mail box (on the suggestion of a consulting attorney) until the DMV "caught" this and MADE me put my livable address on it! I have had sheriff's deputies try to deliver criminal trial subpoena's to my PMB because they got it off my driver's license...even THEY couldn't find me...this worked. For about three years until I had to renew the license per State protocol.
Anyway, to make a long story LONGER, please take no offense if I NEVER provide you with my last name or date of birth or address...I have reason to potentially DISTRUST YOU!
So, back to the Club Med story. I decided to LEGALLY obtain some information about HD (not to use against HIM) to present to Club Med, just so they could SEE how much information I can get all off the Internet with just this guy's name and date of birth that they without-a-care released to me. **Please let me stress here (because some of you know the work I do lends me access to certain individuals private HIPAA also), everything I obtained about HD was obtained FROM the Internet, and not from any personal files or illegally.** And here's how I did it:
I now know HD's home address, his phone number, the address of the property he sold in 2003, how much his mortgage was, who he sold the property to, that he has not been in the local jail(s) this past year, he has never been sued, his date of marriage, his wife's full name AND her date of birth. **THUD**
How? By using data bases that are available to ANYONE!!! And, if I continued digging (which I am NOT), I'm sure I could find out MUCH, MUCH more about this individual...all legally obtained with just his first and last name and date of birth. BE AFRAID...BE VERY AFRAID.
I'm going to quickly link the data base searches I used on the Internet to find this information. Several are local or regional data bases (but your county or state PROBABLY has these available on the Internet, too).
First, is ZabaSearch.com . You can look up anyone in the United States and, if you know their approximate or actual age, this is helpful, too.
Next is the Sound Politics Washington State Voter Registration. If you are a registered voter in the State of Washington, I'm sorry to tell you that, not only is your current ADDRESS given out here (minus the last digit of the street address, which is listed as "o" or "e" for odd or even number...real tricky...sigh), but also the last time you voted AND your date of birth.
The Washington Courts website as well as my specific County Records website provides marriage records, property transaction records, bankruptcy, lawsuit, and other information...all with just a LAST name and a date of birth.
The King County Jail Inmate Search lets me know if "HD" has been housed in this facility in the past 365 days (or other area local jails).
And, of course, there is always the infamous Reverse Directory that allows one to get the phone number of a specific address without knowing the name of the resident.
And...sigh...there are MANY MORE PUBLIC DATA BASES out there to find you in, ALL WITH LEGALLY OBTAINABLE INFORMATION. I stopped here because I only needed enough information about "HD" to prove my point to Club Med. AND, I have no criminal intent to USE this information, except to "encourage" Club Med to follow through on what they have already PROMISED to do.
But YOU, my friend, should be afraid...BE VERY AFRAID! Because, if someone as knuckle-headed computer illiterate as myself can find this information online, ANYONE can. And just because a website or Blogger or anyone else asks you for your date of birth to "proceed" through an online registration or forms process on line, it does NOT mean you must provide your ACTUAL DOB...make something up...make up a last name...just don't put this information out there for 6 BILLION people to access (in your profile on Blogger/Facebook/AOL/Yahoo, etc! Because chances are, there is at least ONE criminal lying in wait among that 6 Billion population ready to use your personal information.
I'm just sayin'...(reviving my old, infamous, signature line)...