“Preregistering” for a medical appointment started by clicking a link in an email to reach a website with no obvious relation to the medical office, filling in a selection of my private bits, then being confronted by this wall of text:
———- Wall of text begins ———-
Review Phreesia Authorization
Please review the authorization below. A copy of this authorization form will be available at the front desk.
Authorization for Uses and Disclosures of Protected Health Information
Health-Related Materials
I hereby authorize my healthcare provider to release to Phreesia’s Check-in system my health information entered during the automated Check-in process, or on file with my healthcare provider, to help determine the health-related materials I will receive as part of my use of Phreesia. The health-related materials may include information and advertisements related to treatments and therapies specific to my health status. The materials may be provided by my health insurance plan, a pharmaceutical manufacturer or another healthcare entity. Phreesia may receive a payment for making such information available to me through the Check-in System or Phreesia’s Patient Communication Services including items such as newsletters, patient reminders for visits, medication/treatment adherence and other practice-related services.
If I am presented with an advertisement pursuant to this Authorization and I choose to request certain information and/or samples as described in the advertisement, then I further authorize Phreesia to disclose my protected health information to the advertiser as designated in the advertisement, such as my name, email address, mailing address, or phone number in order to receive such information and/or samples. Phreesia may receive a payment for releasing my personal information. The use and disclosure of my protected health information solely as set forth in this paragraph is valid only for purposes of when I choose to receive the information and/or samples, as described in the advertisement and until I receive such information and/or samples.
My healthcare provider is using Phreesia’s secure platform to enhance the patient-provider experience and eliminate inefficiencies associated with Check-in.
The following is the Authorization to provide me personalized educational health content and to allow Phreesia, on behalf of my healthcare provider, to conduct analytics using some of the information that I provide to gain insight into and support the effectiveness of this educational health content.
Utilizing Federal guidelines and its corporate policy, Phreesia, on behalf of my healthcare provider, ensures that all patient-related health information is protected by administrative, technical, and physical safeguards.
Phreesia will safeguard my personal information and will not use it for any purpose, other than to: provide health-related materials to me; anonymously analyze health outcomes in support of that educational health content, as well as to measure the effect of the health-related materials furnished to me on my communications with me or my family member’s healthcare provider (this analysis is computer-automated and involves no human review of my protected health information); and carry out any use or disclosure otherwise permitted by this Authorization.
Although there is the potential for information disclosed pursuant to this Authorization to be subject to redisclosure by the recipient and no longer be protected by federal privacy rules, Phreesia maintains administrative, technical, and physical safeguards as required by the Federal Government’s Health Information Privacy Rule, or “HIPAA,” to protect each patient’s confidential information. Phreesia does not disclose personally identifiable information to anyone other than each patient’s healthcare provider without this Authorization or as governed, permitted or required by law.
I do not have to grant this Authorization but, if I do not, I will not receive personalized health-related material or, as applicable, receive the materials as described in the advertisement. I understand that my healthcare provider will treat me regardless of whether I grant this Authorization.
I have a right to receive a copy of this Authorization. I may change my mind and revoke (take back) this Authorization at any time, except to the extent that my healthcare provider or Phreesia has already acted based on this Authorization. To revoke this Authorization, I must contact my healthcare provider c/o Phreesia in writing (including my name, date of birth, gender, home address and healthcare provider’s name) at: Privacy Officer, Phreesia, Inc., 434 Fayetteville Street, Suite 1400, Raleigh, NC 27601; or PrivacyOfficer@Phreesia.com. This information will not be used for any purposes other than to verify my identity in order to revoke this Authorization.
This Authorization is valid for the following time periods:
- One year from the date on which I grant this Authorization – for use in delivering personalized health-related materials from my healthcare provider on the Phreesia platform;
- When the Patient Communication Services Program concludes – for use in delivering Phreesia’s Patient Communication Services on behalf of my healthcare provider; and
- When the Analytics conclude – for use in Phreesia’s analytics programs
Phreesia is a business associate of my healthcare provider and is bound by federal law to protect and safeguard my privacy.
Authorization signed by: The patient, [me]
———- Wall of text ends ———-
I assume your eyes glazed over immediately upon seeing the text and it’s entirely reasonable to assume most folks simply select the “Agree” button (which doesn’t appear here), sign the form, and move on.
Having actually read the damn thing, it turns out to be an agreement to let Phreesia (apparently, all the good names were used up) spam me with medical advertising vaguely related to my current malady.
Look at that first paragraph again:
I hereby authorize my healthcare provider to release to Phreesia’s Check-in system my health information entered during the automated Check-in process, or on file with my healthcare provider, to help determine the health-related materials I will receive as part of my use of Phreesia. The health-related materials may include information and advertisements related to treatments and therapies specific to my health status. The materials may be provided by my health insurance plan, a pharmaceutical manufacturer or another healthcare entity. Phreesia may receive a payment for making such information available to me through the Check-in System or Phreesia’s Patient Communication Services including items such as newsletters, patient reminders for visits, medication/treatment adherence and other practice-related services.
“May receive a payment” indeed. I declined and haven’t died yet.
This could happen:
… there is the potential for information disclosed pursuant to this Authorization to be subject to redisclosure by the recipient and no longer be protected by federal privacy rules …
Scum, the lot of them.
