by austincheney 3130 days ago
Absolutely not. HIPAA regulates the medical and insurance industries, which Facebook is certainly not. If you broadcast medical data to the public or put it in a newspaper HIPAA does not apply, much like this case.

Best case scenario, and this is still a stretch, is that Facebook could be guilty of slander if they describe you as suicidal and that description becomes known to a third party without your consent.

3 comments

>known to a third party without your consent.

Sneaking suspicion: consent is given upon account registration.

Maybe, but I think health information disclosure has a lot of rules to it (at least based on my experience), where authorizations expire after 1 year, etc. So I don't think a blanket exception applies. And although Facebook is a public forum, not all communications are public per se, so it's not clear what a disclosure is... maybe it is sufficient for Facebook to say that the information was "disclosed to us" and we are free to do what we want with it, including using an AI bot to alert emergency services. It seems like a big gray area.
> Facebook is a public forum not all communications are public per se so it's not clear what a disclosure is...

It doesn't matter. Once you surrender data to Facebook it is theirs to do whatever they want with. That is the disclosure. There is no gray area. If you don't want Facebook having that information then don't give it to them.

Facebook is known to collect key presses. If I express a desire to commit suicide in a status update, but don't actually post it, thus not showing it to anybody except Facebook, would that (should it?) be covered by HIPAA? What if I keep a paper diary? What if it's in Google Docs instead?
No, because you have no obligation to disclose anything to Facebook. If you choose to disclose this to Facebook, that is your mistake. You absolutely must disclose medical information to a medical provider and to your insurance company.

> What if it's in Google Docs instead?

If you didn't put it there, then somebody has violated your privacy or violated HIPAA.

I think it is unclear. For example, Apple has HealthKit, which collects health-related data. That data is probably HIPAA protected. If it's not (and if Facebook is not), then I would imagine we will see legislation and/or lawsuits to clarify things.
Apple is not a covered entity under HIPAA[0], and thus has no liability for the data it collects.

"If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules."

[0] - https://www.hhs.gov/hipaa/for-professionals/covered-entities...

Apple is most likely a business associate by definition.