Nope. Any PillPack developer can look up any customer in seconds. Other employees have more limited access, but generally quite a bit of access. Access is logged in production, but developers can also get a clone of the entire production database pretty easily.
That's not necessarily a problem or a HIPAA violation, depending on how it's used, although the opportunity for abuse exists. They cover their ass with annual HIPAA training.
That's not necessarily a problem or a HIPAA violation, depending on how it's used, although the opportunity for abuse exists. They cover their ass with annual HIPAA training.