Patient name on meeting history

It would be great to see the patient’s name on the meeting history log. This could really clarify things.

3 Likes

Hello and thank you for contributing to our discussion board.
Currently, the meeting history contains no Patient information b/c that helps add to our level of security and HIPAA compliancy. Nowhere with doxy.me is patient health info stored or recorded. I’ve chatted with other providers who use their own note taking programs or EHR to store all of the PHI and use our meeting history as a resource to cross reference appointments. Thank you for you input.

1 Like

What about an identifier that keeps things consistent, but does not identify the client per se. So, a randomized number for example, that is consistent for that login. At least then we can match up meetings on our end

1 Like

Hello, this is an addition that we have certainly been brainstorming. I will let the development team know about your request and suggestion. Thank you and stay well.

Would a phone number be appropriate?

A phone number could be too easily linked with the patient’s identity, and for this reason is among the 18 identifiers of protected health information under HIPAA. Those 18 identifiers are:

  • Names
  • Dates, except year
  • Telephone numbers
  • Geographic data
  • FAX numbers
  • Social Security numbers
  • Email addresses
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers including license plates
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full face photos and comparable images
  • Biometric identifiers (i.e. retinal scan, fingerprints)
  • Any unique identifying number or code

You can read more about phi here.

3 Likes

I think a random sequence of numbers used consistently to identify the patient would be ruled out as one of HIPAA’s 18 identifiers of protected health information. One of the 18 is: any unique identifying number or code.

@Adam that list of unique identifiers was helpful; thank you! How about even initials that are derived from the log in screen. So if they logged in as Jane Doe then it would be “JD” and if they just logged in as Jane then it would be “J”. Even that would help. Even a first name would help. Are those initials or just first name PHI? We have the list of appointments but lining them up is so difficult for billing from your blank meeting history. :scream_cat:

I’m not a lawyer are a HIPAA expert, just to get that out of the way. But I think initials would be covered by either the first or last items on the list. If the serial number to a phone or car (which is on the list) can be too easily linked to the patient’s identity, then I would think initials are too. The point is that it should not be at all useful for identifying the patient. First names are definitely out.

It’s also worth saying, it is not illegal to use these identifiers. Only that they identify protected health information, and require extra security and caution. Our policy is to just never store such information on our servers, so providers and patients know there is no chance of compromising patients’ privacy.

I understand the frustration about the lack of identifiers in meeting history. As my colleague Gwen said above, the development team are brainstorming a solution to this. But it is a very difficult question. It will be interesting to see what happens.

Another customer did post their own solution to the payment issue here in the forum. Perhaps this will help you (the instructions refer to your Stripe account, this info is not stored on doxy’s servers):

2 Likes

@Adam went to the supreme being (Internet-LOL) and confirmed your suspicions:

May parts or derivatives of any of the listed identifiers be disclosed consistent with the Safe Harbor Method? No. For example, a data set that contained patient INITIALS, or the last four digits of a Social Security number, would not meet the requirement of the Safe Harbor method for de-identification.
Methods for De-identification of PHI | HHS.gov

One could use the patient’s appointment time as the identifier, I think. Gil Carter, MD, JD, BCFP

But maybe not if appt time is emailed to patient.

VSee keeps all history for their waiting room. Are you saying VSee is less secure or not HIPAA compliant. Or are you saying Doxy does not wish to take on the additional responsibility of securing historical data?

Not sure about the providers or billing areas you have spoken with, but having this additional information is essential and the lack thereof is considered by nearly all our providers to be burdensome.

I have my Chrome set to notify me when a patient checks in the room. I can see my past notifications and they have the date/time and “Jane Doe is now in the waiting room”.

That seems less HIPAA-compliant than a list of names or numbers stored in a place where I would have to log-in securely to see them.

Perhaps the notifications should not include the patient’s sign-in name if you really want HIPAA compliance. I don’t even have to have Doxy open to have the patient’s notification pop up on my iphone locked screen (which I’ve since turned off for privacy!) or my Macbook notifications.

Greetings
Pertaining to what you mentioned about ‘additional responsibility,’ aditional responsibility equals more money and resources. We continue to support hundreds of thousands of free users because we want to make this service accessible to everyone. This has always been our philosophy and never changed. Meanwhile, VSee’s response to the pandemic was to shut off new registrations and do away with their free version right when people needed it the most.
This has been a feature that many providers have stated would be extremely useful and our development team will be tring to come up with a solution that works and works well yet still is completely secure and HIPAA compliant.
Thank you for your feedback and please keep it coming because that is how our platform becomes better.

Hi Gwen,

I am not a proponent of VSee, but seems like an apples-oranges comparison you are offering. Not trying to get in an internet argument. Free captures a user base, I get the economics of that. It develops a constituency, and via word of mouth companies profit. I digress. Analytics and reporting, as mentioned, are not available to a free base. Therefore, as a paying customer of Doxy and am drawing a comparison between two paid products.

We prefer the ease of Doxy and the transition from VSee to Doxy was VERY smooth. Most have liked it. Thank you for responding and my take away is that the developers are well aware. The other platforms, free, paid, free-then-not-free providers have analytics, reporting more robust than Doxy. My feedback is to enrich the product we currently use, and to keep from changing down the road.

Well, it also allows people to have access to their doctors at a time of social distancing and global economic shutdown. There’s that too.

You implied that we don’t store patient data on our servers because we are afraid of “responsibility.” It has in fact been a tradeoff to keep the platform lean and efficient, allowing us to offer a means for providers and patients to hold consultations without having to pay extra for it. This philosophy paid off for everybody when we were able to continue offering our services and onboard hundreds of thousands of new users at a point when people were desperately in need of it. I think this is the company taking on responsibility, not shying from it.

You are right, rethinking this policy is something our developers are well under way with. We’re always looking for ways to improve the platform. But maintaining the simplicity and accessibility that is the hallmark of our platform is always going to a priority for us.

1 Like

I repeat I am not being party to an internet argument. There is a Zero Patient data policy with Doxy from onset. I understand why. This keeps costs down (storage, development, security, etc). This cost would be said to carry to the customer; and usually does. This approach is fully appreciated from this poster.

However this policy will limit reporting and how customers can respond to the examples I provided. Doxy has its reasons for the policy. Once again I am not arguing about responsibility as it pertains to accessibility. Free captures a user base, it is a well know business practice, and is not a negative piece. It is how Free operates, how it exists (word-of-mouth advertisement, etc). I am not going to head into a marketing strategy discussion or definition.

Please Doxy, provide better reporting tools and data. I cannot see if providers are even logging in without going into each account individually. I cannot match provider with patient via reporting to gauge length of visit. I cannot tell how all my providers are performing overall; over specific periods without using scripts. Please provide a way to move forward in an enterprise or mid-size business sense by utilizing these requested tools to assist in delivering better patient care through accountability and training. Help us save money by paring down accounts not being utilized. All of these things make it back to the patient in the end. If we are able to bill, report, and deliver even more efficiently in this new time, Doxy will bridge the gap between amazing ease of use and higher level management and administrative capabilities.

Your responses are mostly focused on a few sentences I have typed. Please look at the heart of the posts and take Doxy to the next level. I would be excited to see that.

1 Like