For the last 24 hours, I believed that my identity had been stolen. It turns out that it hadn’t been, but my personal information has been hijacked, so that’s not great, either.
Yesterday morning, I received an automated call from a CVS in a town I’ve never been to, telling me “my” prescription was ready (I have no prescriptions waiting to be filled). I called them, and they told me that Dr. E faxed in a prescription for Ambien two days ago. I have never heard of Dr. E, and I sure as hell don’t take Ambien. I have a three-year-old; the last thing I need to be doing is sleep-walking and sleep-driving and sleep-murdering him because I was dreaming that he’s a zombie. Fuck that shit.
They look like fluffy clouds... Clouds that you plow through in your car,
because you're driving off of a very high cliff.
CVS double-checked the prescription. It had my name, my date of birth, and my old address from two years ago. Oh, hell no. CVS had my phone number on file because I used to visit a different CVS a couple years ago, so that’s why I got the call. So now I’m thinking someone has found an old insurance card of mine in a landfill somewhere, and is running all over the state getting my insurance to pay for their drugs. I had CVS cancel the order and put a note on my account to ask for identification if anyone ever tries to fill a prescription in my name again.
But what about every other pharmacy? And what about this doctor? Was she in on it, or was she getting scammed by some junkie using my name? I got her phone number from the staff at CVS. It was Sunday, so I had to wait until the next day to call. I spent the rest of the day fantasizing about setting up a sting to take down the meth addict who’s been sullying my good name…
I called Dr. E’s office on Monday morning and told the receptionist my story. She confirmed that they did fax that prescription to CVS. I told her I’d never been to Dr. E, and she pulled up my record. “Oh, your primary care is Dr. K,” she says. Dr. K practices in a different office than Dr. E, about twenty miles away. I haven’t seen her in five years.
So, it seems that this whole mix-up was caused by someone clicking on the wrong name in Dr. E’s computer. But why was I even in her computer? I don’t see that doctor (or go to CVS anymore). I understand they have to keep my records on file for seven years, but they should be archived by now. And there is no reason for another CVS and another doctor to have my personal information so readily available to them. Don’t give me that guff about it being convenient for data to be shared over a network. If I ever decided to see Dr. E, it would be very easy for me to sign a consent form authorizing Dr. K to share my records with her.
When I saw Dr. K, I never consented to have my personal information shared with who knows how many other doctors and their support staff. It’s unnecessary, and obviously, it causes problems. My 24 hours of anxiety and phone calls are probably the best case scenario of something going wrong when your personal information is treated like a casserole recipe by a “network” of doctors. What if Dr. E’s receptionist was some crazy broad I went to high school with, who’s been harboring a vendetta against me for years? What if she’d stumbled across my name in their database and decided to do some real damage? I’d have no way of knowing.
When I signed the HIPAA notice at Dr. K’s office, I agreed to let her share my information with those who she deemed medically necessary. I figured that meant her nurse, and my insurance company. I didn’t realize that to her, that meant an office full of incompetent people three towns over who I had no intention of ever interacting with. From now on, I’m going to make it clear to every doctor I see that they are not to share my personal information with anyone who I deem unnecessary, since apparently, they are not good judges of that.