Hacker News new | past | comments | ask | show | jobs | submit login

Two problems with that:

1. Many older patients don't use cell phones and are still on landlines.

2. Current processes would have to change. Currently healthcare companies first have to ask if the person picking up the phone matches name & DOB. If not, they need to ensure the person is authorized to receive the health information. This is done for confidentiality reasons (e.g. "hi your husband tested positive to $STD… oops you weren't supposed to know that, oh well have a nice day and tell him to make an appointment with us.").




> Two problems with that:

> 1. Many older patients don't use cell phones and are still on landlines.

> 2. Current processes would have to change. Currently healthcare companies first have to ask if the person picking up the phone matches name & DOB. If not, they need to ensure the person is authorized to receive the health information. This is done for confidentiality reasons (e.g. "hi your husband tested positive to $STD… oops you weren't supposed to know that, oh well have a nice day and tell him to make an appointment with us.").

Many healthcare providers now offer forms that allow you to specify the level of detail you would like for messages (typically the same form where you can add a verified contact who is eligible to receive medical information on your behalf). I was able to select something along the lines of "Leave the full details you are reporting, even if it is to a voicemail" though I can understand that that is not workable for everyone.


1. You would call them. A SMS would not go through.

2. I'm pretty sure they do that for actual callers: However, there are times they call a wife or sibling or child for a patient and they can't verify. Besides, these places DO leave voice mails asking folks to call back. This isn't much different.

Also, this last one could be resolved, but it would take some sort of stronger national digital ID. I have a secure digital mailbox for government stuff. Doctors and hospitals have a different system, but I use the same authentication for both (and payments, actually). This is a greater hurdle than dealing with robocalls, though.


I hate that shit. It basically ensures that if any identity thief in the world wants to know your full name and birthday, they just have to call you and ask. It also implies that knowing your name and birthday is an acceptable level of verification for disclosing private information. Which is it? Is the (name, birthdate) pair so private that it can serve as an authentication mechanism or is it so public that you can be expected to tell any random caller who asks?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: