Michael J. Horwath, M.D.

February 24, This office has always maintained the highest level of concern regarding patient confidentialityThis confidentiality extends from the standard requirements of compliance regarding HIPAA as well as PCI compliance with transmission of credit card dataThe credit card data is kept under the closest security and not used unless an actual transaction is performed.Sincerely,

[To assist us in bringing this matter to a close, you must give us a reason why you are rejecting the responseIf no reason is received your complaint will be closed Administratively Resolved]
Complaint: ***
I am rejecting this response because: unless it is a payment for an immediate bill, there is no right for the doctors to keep sensitive information on record for months until the appointment and put customers in harms way.It is quite clear the doctors office is using arbitary and dated procedures to deal with their customersin light of recent credit card thefts and information breaches they can never guarantee the level of protection they have in their officesI was denied an medical appointment because I wanted to protect my information, this is extremely unfair business practice by the doctors office.Please see link below of an article I read recently that justifies my concern***Pasted below is point #of things doctor doesn't need to know from the article is quite self explanatory."Any Financial Information Not Used to Pay Your Immediate Bill
There’s absolutely no need for a doctor’s office to keep your credit card on file
If someone in the front office asks if you’d like for them to file this
information, politely declineThey may also ask to write your driver’s
license number on your check in order to help them collect if your
check bounces; ask them if they can use another means of verification
(one that isn’t your SSN or other sensitive info)Doctors
are bound by the Hippocratic Oath to first do no harm and while they
may be very good, or even the best, at what they do, the continuing
parade of breach announcements in the health care area is a clear
indication that many haven’t a clue when it comes to information
securityAll the laws in the world, even the most vigorous enforcement
of those laws, cannot supplant our individual responsibility for
self-protectionOur identities are our assets and it is incumbent upon
each of us to trust less and be covetous of our personal identifying
informationJust because someone is trained to save a life doesn’t mean
they can’t innocently put it in harm’s way."
Best Regards,
*** ***
Regards,
*** ***

February 24, 2014
This office has always maintained the highest level of concern regarding patient confidentiality. This confidentiality extends from the standard requirements of compliance regarding HIPAA as well as PCI compliance with transmission of credit card data. The credit card data...

is kept under the closest security and not used unless an actual transaction is performed.Sincerely,

Review: I called an endocrine doctor as a new patient, the receptionist gave me an appointment of July 31 ...i.e six month away. What concerned me was that she requested to have my credit card information on file until I show for the appointment. In light of all the news reports how credit card numbers are being stolen, I informed her I am uncomfortable having my credit card information sitting around in a file for 6 months. She immediately said she cannot give me an appointment and there is nothing she can do. I would like to know if this request is considered illegal on her part. The doctor is -Michael Horwath - ###-###-####.I wanted to report this as I wonder how many patient credit card numbers they have lying around in their filing system, it is quite unnerving.I question the legality of this practice.Desired Settlement: I would like this unfair practice of taking credit card information for long periods of time resolved as per law. I would like to keep my appointment July 31st if possible or get an earlier appointment.Thanks You[redacted]

Business

Response:

February 24, 2014This office has always maintained the highest level of concern regarding patient confidentiality. This confidentiality extends from the standard requirements of compliance regarding HIPAA as well as PCI compliance with transmission of credit card data. The credit card data is kept under the closest security and not used unless an actual transaction is performed.Sincerely,

Consumer

Response:

[To assist us in bringing this matter to a close, you must give us a reason why you are rejecting the response. If no reason is received your complaint will be closed Administratively Resolved]

Review: [redacted]

I am rejecting this response because: unless it is a payment for an immediate bill, there is no right for the doctors to keep sensitive information on record for 6 months until the appointment and put customers in harms way.It is quite clear the doctors office is using arbitary and dated procedures to deal with their customers. in light of recent credit card thefts and information breaches they can never guarantee the level of protection they have in their offices. I was denied an medical appointment because I wanted to protect my information, this is extremely unfair business practice by the doctors office. Please see link below of an article I read recently that justifies my concern. [redacted]Pasted below is point #4 of things doctor doesn't need to know from the article is quite self explanatory."Any Financial Information Not Used to Pay Your Immediate BillThere’s absolutely no need for a doctor’s office to keep your credit card on file.

If someone in the front office asks if you’d like for them to file this

information, politely decline. They may also ask to write your driver’s

license number on your check in order to help them collect if your

check bounces; ask them if they can use another means of verification

(one that isn’t your SSN or other sensitive info).Doctors

are bound by the Hippocratic Oath to first do no harm and while they

may be very good, or even the best, at what they do, the continuing

parade of breach announcements in the health care area is a clear

indication that many haven’t a clue when it comes to information

security. All the laws in the world, even the most vigorous enforcement

of those laws, cannot supplant our individual responsibility for

self-protection. Our identities are our assets and it is incumbent upon

each of us to trust less and be covetous of our personal identifying

information. Just because someone is trained to save a life doesn’t mean

they can’t innocently put it in harm’s way."Best Regards,[redacted]

Regards,