Curbside Consult with Dr. Jayne 1/15/24

I’ve been practicing in the telehealth space since before the pandemic. We deal with a lot of situations that other physicians don’t want to deal with – patients calling for antibiotics, patients with questions about lab results they received through their patient portal after most physician offices are closed, and requests for refills on chronic medications for patients who haven’t been seen by their physicians in a long time period.

Most of the primary care physicians I talk to are grateful that we are out there as a buffer, allowing their patients to receive care without having to be on call 24×7 themselves. However, this week I discovered that apparently a subset of physicians thinks that those of us who practice telehealth exclusively are less than “real” physicians. A newly formed physician education program refused to let me join because I didn’t have an ID badge that has a hospital-style “PHYSICIAN” designation on it. In fact, I don’t have an ID badge at all, which was also an issue.

I submitted a copy of a different photo ID along with a copy of my state medical license, thinking that would suffice. Instead, they asked me for my National Provider Identifier number, which was particularly silly since that can be found via a web search. Once I provided that, they wanted copies of my medical school diploma and residency completion certificate. I’m not sure why a state license wasn’t sufficient, and I hope they had fun trying to read the Latin on my diploma. I had to go digging for those documents since I’m not one of those folks that has them hanging on my office wall. Next time I’ll just use the magic of computers to make a simulated ID badge and be on my way.

The entire experience was annoying, though, and impacts not only telehealth physicians, but any physician who isn’t working in a clinical setting. One doesn’t stop being a physician because they’re not seeing patients. I am definitely going to address this once I am established in the program.

Speaking of annoyances, I had to deal with some annoyances from CMS this week. I received an email from the CMS Identity Management System telling me that my account was going to be deleted due to inactivity. I attempted to log on but couldn’t, and the password recovery system presented a security question that I swear I’ve never seen in my life, because I would have said it was ridiculous if I had. It asked me to provide a telephone number for a relative that was not my own number. I tried to guess when it was that I had set up the account and tried some numbers, which of course were not correct, and the account was locked. The system unhelpfully told me that I needed to call the help desk associated with the application I was trying to access, which was also silly because I have access to multiple applications through the CMS Enterprise Portal. Each of them has their own help desk.

Of course, I was trying to do this at 10 p.m., so I waited until the next business day when I had a gap in my schedule and started calling help desks. The first one was closed because their office hours are only until 4 p.m., and the second one allowed me to hold for 11 minutes and then disconnected me. I called right back and went directly to an agent, so I can only assume their phone system was having a momentary malfunction. The agent clearly had no idea how to help me and was reading from a help desk manual and couldn’t even pronounce some of the application names. He provided another phone number to call. That agent asked me for a bunch of personal data. I finally interrupted and asked whether she’d like to know why I was calling. She seemed surprised that I would want to tell her that. I told her my story, and she said, “Oh, so you just need a password reset?” Bingo! She switched gears and did the reset, giving me a 15-character complex password that I had to write down.

Fortunately, she stayed on the line while I did the reset. The process requires two-factor authentication. I chuckled when I got to the screen that recommended Google Authenticator because it’s supported for “iPhone, Android Phone, and Blackberry.” I wonder how many Blackberry devices they get accessing their system these days. Finally, I was able to set a new password and was on my way. The agent disconnected and I went to set a new security question, since I still had no idea what the answer was for the one with a relative’s phone number.

The list of security questions had some interesting choices. Not only were they strange, but they’re also things that change over time for many people, which doesn’t make them a good security question. The highlight reel:

• What did you earn your first medal or award for? Hmmm, was it swim team or horseback riding in elementary school? I have no idea.
• What is your favorite movie quote? I’m at a point in my life where I can barely remember the things I’m supposed to remember, let alone the specific grammar and syntax of a movie quote.
• What music album or song did you first purchase? I seriously have no clue since it was more than 40 years ago.
• What was the first computer game you played? Truly have no idea here either, although I was tempted to put Oregon Trail due to the lack of good questions.
• What was your grandmother’s favorite dessert? I can’t wait until I’m old enough to have a grandchild call and ask me this.
• Where were you on New Year’s Eve in the year 2000? I think the better question for healthcare workers was where we were on New Year’s Eve in 1999, since many of us were in Y2K hell.
• Who is your favorite book/movie character? I read more than 50 books a year, so I wasn’t touching this one.
• Who is your favorite speaker/orator? I can’t remember the last time I saw the word “orator” and was tempted to put Abraham Lincoln, but I knew I wouldn’t remember that down the line either.
• What is your favorite security question?

I couldn’t believe it when I got to that last one. Again, how would I ever remember the syntax if I selected that one? Maybe “what is the answer to your favorite security question” would have been a better option, since it wouldn’t involve more than a word or two. Still, the entire experience was bizarre and fortunately I was quick enough to grab a screenshot of the list of crazy questions. I sent it to one of my favorite online security experts who replied with four different kinds of eye-roll emojis and GIFs. You can’t make this up, folks. Thanks to CMS for keeping it real.

What’s the weirdest security question you’ve seen? Leave a comment or email me.

Email Dr. Jayne.