Review Phreesia Authorization

“Preregistering” for a medical appointment started by clicking a link in an email to reach a website with no obvious relation to the medical office, filling in a selection of my private bits, then being confronted by this wall of text:

———- Wall of text begins ———-

Review Phreesia Authorization
Please review the authorization below. A copy of this authorization form will be available at the front desk.
Authorization for Uses and Disclosures of Protected Health Information
Health-Related Materials

I hereby authorize my healthcare provider to release to Phreesia’s Check-in system my health information entered during the automated Check-in process, or on file with my healthcare provider, to help determine the health-related materials I will receive as part of my use of Phreesia. The health-related materials may include information and advertisements related to treatments and therapies specific to my health status. The materials may be provided by my health insurance plan, a pharmaceutical manufacturer or another healthcare entity. Phreesia may receive a payment for making such information available to me through the Check-in System or Phreesia’s Patient Communication Services including items such as newsletters, patient reminders for visits, medication/treatment adherence and other practice-related services.

If I am presented with an advertisement pursuant to this Authorization and I choose to request certain information and/or samples as described in the advertisement, then I further authorize Phreesia to disclose my protected health information to the advertiser as designated in the advertisement, such as my name, email address, mailing address, or phone number in order to receive such information and/or samples. Phreesia may receive a payment for releasing my personal information. The use and disclosure of my protected health information solely as set forth in this paragraph is valid only for purposes of when I choose to receive the information and/or samples, as described in the advertisement and until I receive such information and/or samples.

My healthcare provider is using Phreesia’s secure platform to enhance the patient-provider experience and eliminate inefficiencies associated with Check-in.

The following is the Authorization to provide me personalized educational health content and to allow Phreesia, on behalf of my healthcare provider, to conduct analytics using some of the information that I provide to gain insight into and support the effectiveness of this educational health content.

Utilizing Federal guidelines and its corporate policy, Phreesia, on behalf of my healthcare provider, ensures that all patient-related health information is protected by administrative, technical, and physical safeguards.

Phreesia will safeguard my personal information and will not use it for any purpose, other than to: provide health-related materials to me; anonymously analyze health outcomes in support of that educational health content, as well as to measure the effect of the health-related materials furnished to me on my communications with me or my family member’s healthcare provider (this analysis is computer-automated and involves no human review of my protected health information); and carry out any use or disclosure otherwise permitted by this Authorization.

Although there is the potential for information disclosed pursuant to this Authorization to be subject to redisclosure by the recipient and no longer be protected by federal privacy rules, Phreesia maintains administrative, technical, and physical safeguards as required by the Federal Government’s Health Information Privacy Rule, or “HIPAA,” to protect each patient’s confidential information. Phreesia does not disclose personally identifiable information to anyone other than each patient’s healthcare provider without this Authorization or as governed, permitted or required by law.

I do not have to grant this Authorization but, if I do not, I will not receive personalized health-related material or, as applicable, receive the materials as described in the advertisement. I understand that my healthcare provider will treat me regardless of whether I grant this Authorization.

I have a right to receive a copy of this Authorization. I may change my mind and revoke (take back) this Authorization at any time, except to the extent that my healthcare provider or Phreesia has already acted based on this Authorization. To revoke this Authorization, I must contact my healthcare provider c/o Phreesia in writing (including my name, date of birth, gender, home address and healthcare provider’s name) at: Privacy Officer, Phreesia, Inc., 434 Fayetteville Street, Suite 1400, Raleigh, NC 27601; or PrivacyOfficer@Phreesia.com. This information will not be used for any purposes other than to verify my identity in order to revoke this Authorization.

This Authorization is valid for the following time periods:

  • One year from the date on which I grant this Authorization – for use in delivering personalized health-related materials from my healthcare provider on the Phreesia platform;
  • When the Patient Communication Services Program concludes – for use in delivering Phreesia’s Patient Communication Services on behalf of my healthcare provider; and
  • When the Analytics conclude – for use in Phreesia’s analytics programs

Phreesia is a business associate of my healthcare provider and is bound by federal law to protect and safeguard my privacy.

Authorization signed by: The patient, [me]

———- Wall of text ends ———-

I assume your eyes glazed over immediately upon seeing the text and it’s entirely reasonable to assume most folks simply select the “Agree” button (which doesn’t appear here), sign the form, and move on.

Having actually read the damn thing, it turns out to be an agreement to let Phreesia (apparently, all the good names were used up) spam me with medical advertising vaguely related to my current malady.

Look at that first paragraph again:

I hereby authorize my healthcare provider to release to Phreesia’s Check-in system my health information entered during the automated Check-in process, or on file with my healthcare provider, to help determine the health-related materials I will receive as part of my use of Phreesia. The health-related materials may include information and advertisements related to treatments and therapies specific to my health status. The materials may be provided by my health insurance plan, a pharmaceutical manufacturer or another healthcare entity. Phreesia may receive a payment for making such information available to me through the Check-in System or Phreesia’s Patient Communication Services including items such as newsletters, patient reminders for visits, medication/treatment adherence and other practice-related services.

“May receive a payment” indeed. I declined and haven’t died yet.

This could happen:

… there is the potential for information disclosed pursuant to this Authorization to be subject to redisclosure by the recipient and no longer be protected by federal privacy rules …

Scum, the lot of them.

Blog Summary: 2020

You can’t make up results like this for a techie kind of blog:

Blog Top Post Summary - 2020-12-31
Blog Top Post Summary – 2020-12-31

Given my demographic cohort, bedbugs suddenly seemed downright friendly.

Overall, this blog had 109 k visitors and 204 k page views. The ratio of 1.8 pages / visitor has been roughly constant for the last few years, so I assume most folks find one more interesting post before wandering off.

My take from the increasing volume of ads WordPress shovels at those of you who (foolishly) aren’t using an ad blocker continues to fall:

Blog Ad Summary - 2020-12-31
Blog Ad Summary – 2020-12-31

The CPM graph scale seems deliberately scrunched, but the value now ticks along at 25¢ / thousand impressions, adding up to perhaps $250 over the full year. Obviously, I’m not in this for the money.

The ratio of five ads per page view remains more or less constant. Because Google continues to neuter Chrome’s ad blocking ability, I highly recommend using Firefox with uBlock Origin.

WordPress gives me no control over which ads they serve, nor where they put ads on the page. By paying WordPress about $50 / year I could turn off all their ads and convert the blog into a dead loss. I’m nearing their 3 GB limit for media files on a “free” blog, so the calculation may change late next year.

Onward, into Year Two …

Hiatus

Posts will appear intermittently over the next week or two.

I’m still spending an inordinate amount of time studying the back of my eyelids while horizontally polarized in the lift chair. I can highly recommend not doing whatever it is that triggers a pinched lumbar nerve, but as nearly as I can tell, the proximate cause (shredding leaves) isn’t anything close to whatever the root cause might be.

It does provide plenty of time to conjure solid models from the vasty digital deep:

Wheelchair Brake Mods - solid model - build layout
Wheelchair Brake Mods – solid model – build layout

The wheelchair brake lever seems to have been designed by somebody who never actually had to shove it very often:

Drive Wheelchair Brake
Drive Wheelchair Brake

At least I can fix that

Comment Spam Attack

Of late, the blog has been getting 500 hits per day, with 60-ish on the main page and 30-ish on the post of the day. The “Hot Topics” posts (over in the right column, down a bit) account for a scant hundred more hits, with the remaining 300 hits distributed in onesies and twosies along the very, very long tail of 4200 posts.

Then this happened:

Spam Attack - Page Hits
Spam Attack – Page Hits

It seems a spammer noticed my posting activity and unleashed either a script or, more dismally, a stable of low-wage third-world workers to make a comment on every single post in the blog.

The Akismet scanner flagged three dozen comments made on the most recent posts, with the remaining 4500 (!) page views producing zero comments, because, some years back, I had disabled comments on posts older than a few dozen days. I disliked doing so, because I value comments from folks who contribute to the discussion, but …

The IP addresses seem to point back to compromised servers and pwned Windows boxes in the US, with very few foreign sources. The comments themselves consist of the usual gibberish, often run through a thesaurus (known as “spinning”) to improve the odds of evading the detectors. The payload seems to be the URLs attached to the random user names, all pointing to sites touting Vietnamese (!) scams, Russian pharmaceutical sources, online gambling dens, and the like.

And then, after two days, it was over.

Which is why I really really do not want to manage my own blog infrastructure, infuriating as WordPress-dot-com’s editor might be.

Blog Theme Shuffling

Over the next several days, I’ll be screwing around with trying out different blog themes, because WordPress has “deprecated” the theme I’ve been using since about 2011; it no longer works well with their most recent infrastructure. There being no way to tell how any given theme will look, how difficult creating posts may be, or (in truth) anything about a theme without actually running it, I’ll be doing live-fire exercises while posting odds-n-ends projects from the shop.

Some themes strongly suggest require a logo, so you’ll see this monstrosity until something better comes along:

Logo - Isolated 0D3
Logo – Isolated 0D3

Speaking of themes, you’re looking at a “free” blog on wordpress.com, not something I’ve conjured by installing the open-source blog infrastructure from wordpress.org on a server, which means few things you (think you) know about a “WordPress blog” apply. In particular, free blogs on wordpress.com lack access to the universe of themes & plugins applicable to a DIY FOSS installation.

(I think) I’d be perfectly happy to compose posts in Markdown (or some such) and slam them into a static site generator (Hugo / Gatsby / whatever), rather than slog through WP’s GUI editor, but I think my usual post-a-day pace conflicts with the fundamental assumptions of a “static site” generator.

I value blog comments from real people (you all know who you are and I thank you!), but blogspam presents a clear & present danger. Right now, Akismet kills nearly all the hundreds of spam comments per day; it’s obvious any blog comment system must include robust spam filtering. The alternative of, say, running a separate email list for comments seems far more trouble than it’s worth.

I absolutely do not want to sysop my very own blog configuration on a rented server / VPS / Digital Ocean Droplet / whatever. Things like WPengine.com would be attractive, except that this blog’s very long tail generates enough traffic to come very close to the 25 k visit/month upper limit of their “startup” plan; I’m reluctant to pay $100/month for the 100 k visit/month “growth” plan just to host my shop notes.

If you have recommendations / experience / horror stories concerning FOSS blogging software, add a comment or send me a direct note through the form at the bottom of the misleadingly titled “About” page.

For the next few days, remember: there is nothing wrong with your television set.