Yes. I am aware that the PIN# is only used for the registration process (unfortunately). The IT support for Centricity for all of our practices told us that. Because the e-mail address is the only "secure" identifier, we were told, that accounts for why one patient was able to see another patient's information - because both were legitimately registered in the Patient Portal. You are right - since the e-mail was not correct for our patient, she never did receive the e-mail. The e-mail was "correct" for another patient who also uses the same portal, however.
As you hint at toward the end of your message - even a patient could mistakenly enter his/her own e-mail address. In fact, when the other office changed the e-mail of our patient, it could be that they were accurately entering what the patient told them her e-mail was, but she gave an incorrect e-mail address. The message intended for this patient didn't go to her, but to the wrong patient - who also happened to be a patient in a practice using this shared medical record. Being a legitimate "community" member (patient) of the system - that e-mail address was "correct" for her. If she was asked (at the portal level) if this e-mail address was a "correct" address for her, wouldn't she verify that it was? Wouldn't that still let her see the other patient's private health information?
Also, I had this thought. I think someone above was trying to say that only one person in the system could have a particular e-mail address. So, if Patient X registered using one e-mail address and then Patient Z tried to register using the same e-mail address - that couldn't happen. (Is that correct?) However, many of us have more than one e-mail address. So, if Patient Z happened to enter an e-mail address that was wrong for Patient Z, but was another e-mail address of Patient X - though not the one she registered with - then Patient X would still get e-mail intended for Patient Z. If it had been a while since registering, Patient X might not remember which e-mail she registered with. Even if X did think it was with another e-mail address, she might second-guess herself and wouldn't have any reason to be suspicious the message was meant for someone else. (I don't know exactly what the patient sees when they go to log into the portal, so I will run your ideas by our IT and see what they say. Maybe it would work, if they aren't already doing it that way.)
It all gets back to this, though: I still can't understand why there isn't a second level of protection - a special, unique PIN# for each patient to use in addition to his/her e-mail address. Then, if the message landed in the wrong patient's e-mail, when that patient went to the portal, she would have to enter a second unique identifier and if it didn't match, then she couldn't see the other patient's information. I don't understand why GE doesn't insist on this. I am not a tech person, just a doctor, so can someone please explain to me why this hasn't been done? Is it really so difficult in this day and age... when the banking community seems to have figured out how to do it decades ago? We were told that GE has no plans to do this. Why not?
(I really appreciate all the comments. This is very interesting.)
Posted : February 6, 2014 2:24 pm
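
The second-identifier check asked about in this post, sketched as an added example that is not part of the original post and is not GE's or Centricity's code. It is a simplified model, and the class names, e-mail addresses and PINs are constructed assumptions: it compares an e-mail-only check with one that also verifies the record owner's own PIN.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _pin_hash(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash so PINs are never stored in the clear.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

@dataclass
class Patient:
    patient_id: str
    chart_email: str  # contact e-mail as typed into the chart (may be wrong)
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    pin_digest: bytes = b""

    def set_pin(self, pin: str) -> None:
        self.pin_digest = _pin_hash(pin, self.salt)

    def pin_ok(self, pin: str) -> bool:
        # Constant-time comparison of the stored and presented PIN hashes.
        return hmac.compare_digest(self.pin_digest, _pin_hash(pin, self.salt))

@dataclass
class Result:
    owner_id: str  # the patient the record actually belongs to
    body: str

def open_email_only(result, patients, login_email):
    """Weak model: anyone logged in with the e-mail on the owner's chart may read."""
    owner = patients[result.owner_id]
    return result.body if owner.chart_email.lower() == login_email.lower() else None

def open_with_pin(result, patients, login_email, pin):
    """E-mail match plus the PIN issued to the record's owner."""
    owner = patients[result.owner_id]
    if owner.chart_email.lower() != login_email.lower():
        return None
    return result.body if owner.pin_ok(pin) else None

def demo():
    x = Patient("X", "x@example.com"); x.set_pin("4821")
    # Constructed mistake: Patient Z's chart now carries Patient X's address.
    z = Patient("Z", "x@example.com"); z.set_pin("7390")
    patients = {"X": x, "Z": z}
    z_result = Result("Z", "lab result for Patient Z")
    return {
        "email_only_leaks_to_x": open_email_only(z_result, patients, "x@example.com"),
        "x_with_own_pin": open_with_pin(z_result, patients, "x@example.com", "4821"),
        "owner_pin": open_with_pin(z_result, patients, "x@example.com", "7390"),
    }
```

In this model Patient X, holding a valid account and the matching e-mail address, reads Patient Z's result under the e-mail-only check but is refused once the PIN is verified against the record's owner rather than against whoever is logged in.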