Why does Quest Diagnostic need to know the name of my niece and where she lives?
I have asked Health and Human Services the same question.
Quest Diagnostic is a reference lab, probably most folks have heard of. Reference labs are large labs that analyze specimen that are collected in offices and hospitals and referred to them. Since they do bulk analyzing they can afford the equipment and skilled employees to do a lot of analyses that all but the hugest of hospitals cannot afford to do.
I had a physical this week. I filled out the usual first-time-patient registration with them.
The physician's office uses Quest Diagnostic to process its patient samples. (Blood cell count, serum chemistry etc.) The physician's office set up a portal access to my test results with Quest Diagnostic. It is likely that that portal system is purchased from and run by a contractor not Quest itself.
I set up an account yesterday and was asked the usual information that most sites ask when an account is set up.
Today I checked for my results. There were several series of multiple choice questions that I had to click through. Some of those questions asked me to click the type of automobile I own, to click the married name of my niece, to click what state she lives in, to click an address where I had lived 8 years ago, and the color of my eyes as it appears on my driver's license. The pages with these questions specifically state that the questions are being presented to protect HIPAA privacy. (Health Insurance Portability and Accountability Act)
Somebody had to invade my privacy and share personal information in order to set the questions up, under the guise of protecting the sharing of my medical information.
I am an MLT, if I had given out that kind of non medical information about a patient in a hospital or lab where I worked, I would have breached HIPAA and SOP and been fired.
The final bit of information requested was a box labeled. "Service date"
Americans do not call doctor's appointments "service dates," assuming that is what was being asked for. It was a required field, did not allow a date entry at that point I closed out of that site.
None of this personal information was requested by the physician's office when I registered with them, so it was all gathered by trolling without my knowledge or consent. It is information that they do not need for HIPAA id since a physician's office sent them the specimen and had already checked my id. and Health Insurance card.
Quest's email notifying me that they had set me up with the Quest portal site has a very long, date limited, id number.
If the id number was the security Quest needs that ties through me to the physician and back around to my test results from Quest, thus completing the secure id circle with the Quest site, why do they need to troll for personal information?
The only places they could have gotten information that I have a niece and what her first and married names are was either by hacking my email or through my brother's name.
When my niece and her location showed up as questions to click it creeped me out big time. Not only was Quest/contractor invading my privacy but they were, in effect stalking, her as well.
I guess all information on driver's license is now open to the public but why the hell does Quest need to know the color of my eyes, or what kind of car I drive?
My brother is my only close blood relative and so he was listed as the contact person on the physician's registration form. I also live with him in his house so his address was used in the Quest registration, but his relation to that address was not specified when I registered for the Quest site. It appears as though Quest used that address to hunt down my brother and then hunt down his daughter and where she lived.
I have never listed my niece as a relation on any form as we do not know one another very well.
This trolling invasion matters even more because my brother works for the IGO, has for decades, and so has attained and maintained a Security Clearance. Presumably Uncle Sam watches those folk and may wonder why he was trolled for info used as somebody else's security questions which, ostensibly, has nothing to do with him.
As a med lab tech I am expected, under HIPAA, and SOP to protect non medical patient information not just their medical information, to do otherwise could cost me my job and my career.
Quest apparently doesn't live by that standard.