My doc was able to electronically access my Meds from my pharmacy 's computer without my authorization. These electronic records, mandated by law by ACA (Obamacare) spell the end of privacy. HIPAA requires our authorization, but in reality, privacy is breached a lot. It's creepy.

All you have to do is spend a few minutes on facebook to see that everyone knows everything about you. My husband's facebook does NOT have ads for multiple sclerosis or bladder slings, yet mine does?

Yes, it is creepy

The meds prescribed by my GP are from a different pharmacy than the pharmacy my neuro uses. I couldn't believe it when it showed not only the medication but the dates I purchased them as well.

Hi its2much:

Your prescription information was shared because it's part of your medical history. One of the principles of good medical practice is that, in order for a doctor to treat a patient properly, s/he must have access to as much of the patient's medical history as possible. Ideally, all of it.

Now that third-party payers are responsible for virtually all of the medical care in the US, mandates were long ago put into place for "best outcomes." (It includes the reduction of bad outcomes that could have been prevented if certain information had been known.) And of course that means best outcomes at the lowest possible cost.

Sharing of healthcare information is one of the means to achieving that goal. The coming of the electronic age has made that much, much easier. In fact, the electronic age spurred the development of the goal and the process.

This is a monumental undertaking of huge proportions, and it didn't start a mere few years ago with Obamacare and the American Recovery and Reinvestment Act of 2009. The federal mandate for electronic medical records and electronic claims processing goes back at least 25 years. (Some of the members at MSWorld hadn't even been born yet. )

So as part of the process of meeting best outcome and electronic processing goals, your prescription information was, by some means, shared with your treating practitioners by becoming part of your overall electronic medical record.

You'll have to ask your neurologist's office which medical information system they're hooked into and how the information flows. It could be that your GP and the pharmacy and your neuro are all using the same medical records system, which puts all of your medical information into one place, and that your health insurance company isn't involved. But it's also possible that your health insurance company is using the same system, too.

You don't remember giving authorization for the sharing because, for this individual occurrence, you didn't. But at some point, when you or the principal enrollee signed up for your medical insurance, you or that person signed a statement saying that you all agree to go along with the requirements and restrictions of your health plan. In the back end or fine print of the enrollment form was a clause that authorizes the insurer to share information with any entity that's necessary for the delivery of and payment for your healthcare. That's what's necessary for smoothest operation and lowest cost.

There might be other clauses, too. My healthcare insurer's policy forbids the filing of malpractice claims and instead requires enrollees to participate in binding arbitration.

Of course anyone is free to decline to agree to those terms. But doing that means that they can't get medical insurance. Those kinds of agreements aren't optional.

This is where HIPAA is frequently misunderstood. The privacy provisions of HIPAA apply only to "outsiders" who aren't involved in people's medical care. That means that your preacher's wife can't call Medicare to find out why you use a cane so she can tell all the other ladies at church. And your bank can't pry into your medical information to try to find out if you're a good bet for a long-term loan.

But it's HIPAA itself that allows for the free exchange of information among all entities that are involved in the delivery of and payment for medical care. This is the authorization that health insurance companies operate under. Authorizations for sharing of individual pieces of information aren't required. In fact, those millions of individual authorizations would bring the system to a screeching halt. And that would negate a main reason for electronic records and payment systems in the first place.

So in short, when you signed up for medical insurance, you authorized the sharing of your medical information with entities involved in your medical care. This is an unsettling illustration of what that means in action.

The Internet advertisers don't know that you have MS. They give you ads based on your online activity and search history. The advertisers want to be relevant to what you've been looking for.

You're getting ads for MS and bladder slings because you searched for something related to MS or visited a Facebook page about MS. As soon as your husband searches for something about MS or visits a Facebook page about MS, he'll start getting the same MS ads on Facebook that you do.

Start searching for information about shoes or outboard motors or mortgages and then pay attention to what kind of ads show up for you on Facebook. If you want the MS ads to be replaced by something else, just start searching for something else. You can even make a game out of it.

There is no authorization required for Doc to Doc communication. It is good practice and your providers should have access to any and all medications you are prescribed. In Maryland there is now a database that providers can access that shows ED visits as well as narcotics, stimulants and benzodiazepine prescriptions state wide.

I am glad they can access records. Less chance of screw ups and errors, as each does not have to record separately and me having to retell. I also don't have to go to multiple places to get record corrected, if need be.

It also prevents patients from getting/filling multiple prescriptions independently. Some patients would do this to get higher dosage for themselves, while in other cases, people sold them.

An jreagan was right on the mark on ads. It used to be you could just clear browsing history and cookies to eliminate. This still works for sites not logged in. But once logged in, they save info to a database. And mobile apps, no chance. You OK lots of this in accepting/installing app and they know your phone number all the time. So easy to associate to individual, and then home address, phone, name, et c....

Some of this is good, some is creepy. But it is the world of technology now.

My husband and I think the med list is actually from the insurance company. Test results between Drs and parts of your chart I have always had to sign release papers for. One Dr can not simply say they want your records. I picked which Drs I wanted my new Dr to get records from. I have so many Drs.
Have a great day.
Laurie

Agree that most likely your insurer on Rxs.

I have only had to give permission to doctors in few occasions:
1. initial appt, which indicted OK for neuro to share records with PCP or any treating physician specialists. They always review current doc list. So while not individually authorized, it is implicit.
2. if changing physicians, then sign individual authorization from old office to new.
3. if consult needed for 2nd opinion or additional expertise

If doctors are in same hospital affiliation, they can easily access shared database, even if not your physician. But a good system keeps track of who inquired to the record, as well as updates.

Doc to Doc communication without specific consent is allowable under HIPAA. There is no reason I can think of where it would be beneficial for all providers to not be privy to treatments and medications a patient is receiving.

http://www.hhs.gov/ocr/privacy/hipaa...sures/482.html