I feel like there is a major liability PHI/HIPAA exposure with the questionnaire links that you send to patients to check-in. When the patient is checking in, they enter their name and date of birth, which means anyone with this info can enter it for another individual and get their pre-loaded health information/address/SSN. I understand the patient has to have an appointment within a week to pop up, but I am specifically thinking of individuals going through a divorce and the spouse knows they have an upcoming appointment. What if they use the kiosk link to obtain their new address or other PHI? I feel like this is a major security and liability exposure that needs to be looked into and addressed ASAP. A simple way to fix this is for a secure text to be sent to the phone on file asking if it is the patient requested to access this form.
Guest
