The federal law known as HIPAA that is meant to protect the privacy of patients "specifically allows medical centers to use patient information for fundraising activities," The Seattle Times
reports. "Information about diagnosis or treatment is off-limits, but federal and state laws allow hospitals, in most cases, to use a patient's name, address, contact information, dates of hospital service, gender, age and insurance status in fundraising efforts." Even though it is legal, the practice raises questions. HIPAA does stop providers from using patient information for commercial purposes, but opting out of the calls or fundraising appeals is not easy, and patients must often request specifically to be removed. Patients at the University of Washington Medical Center have found they have to send a letter to a privacy office to be taken off the list (Ostrom, 5/23).