How safe is our medical data?

How safe is our data anyway? (not an April Fool’s Joke)

I want to tell you about something scary that I went through yesterday. From about 2004 to 2010, I wore glasses. I mostly wore them for distance issues; I had also been told by some doctors that I had astigmatism. I was up at the Student Prince in Springfield (a great German restaurant with American specialties as well) and I started having a headache. I thought my prescription was too strong, which likely wasn’t the case, and I simply gave up on the glasses. So, for the past 4.5 years, I have survived without them. I didn’t think much of it; however, I know that I can’t see well at night and struggle with anything on screens more than 3 or 4 feet away. It was time.

I could have gone just about anywhere, but for convenience’s sake I decided to make my appointment with a department store that has an optical shop. I was able to book my appointment online and thankfully a slot was open within 3 hours of me checking availability.

However, something really creepy happened when I met with the optician (not the optometrist) that handles new patient paperwork. She said, “Your insurance is Aetna, ___name of wife’s employer___, right?” I was so shocked by this, it went right over my head. I said, “No, I will be paying for this one myself.” The fee for a basic exam was $75; I didn’t think this was outrageous and I simply planned to pay it. My appointment with the doctor went fine, but at the end of the appointment he said, “Oh, you don’t have to pay because you have Aetna, ___name of wife’s employer___.” Again, I was dumbfounded. I told him I was a self-pay and I didn’t even have my insurance card anyway. He encouraged me not to worry, they could pull all of that information off of their computer system.

I wasn’t angry, but my head really began to spin at this point. How did they have all of this information on me? No one on our insurance plan had ever been to this practice. They were able to look up my insurance company and my wife’s employer (the plan sponsor) simply by me giving my name and date of birth on their website-based appointment reservation form. I never provided a social security number. I did provide my home address, which I don’t even know that the insurance company has since we just moved in January. I don’t know how honest these people in the store are. I even offered to run home and get the insurance card. Back in the retail shop portion of the clinic, the optician told me they had that covered also. I simply needed to provide my wife’s full name and date of birth and they could retrieve the policy number for me. I didn’t even have to wait around.

I never signed a HIPAA form at any time during this process; I never showed my license. This experience really proved to me that with your name and date of birth, bad guys really have the keys to the kingdom (or at least have the door halfway open) on the way to identity theft. I never had such an easy time registering with a medical provider in my life. It’s possible that all of this sharing came about with the implementation of the Affordable Care Act (aka ObamaCare), but I don’t know. The whole experience made me want to get out of there as fast as possible. I will give the eyeglass shop credit for one ethical practice. They did not pressure me or even ask if I wanted to buy my glasses there. I wasn’t planning to beforehand and their loose access with my data didn’t give me a reason to stay.

Have you had this experience with a medical provider lately?