[astura]

Sure, they could provide medical services and interface with health insurance companies, then they'd be a covered entity under HIPAA. They could employ medical staff to prescribe tests and provide test results to patients, then they'd be a covered entity under HIPAA.

I don't believe HIPAA is outdated, I believe that people just very much misunderstand it. The full title is "Health Insurance Portability and Accountability Act" - it's literally a bill to regulate health insurance companies, it was never meant to be more.

Congress could pass a general medical privacy bill tomorrow, yet they appear to be extremely uninterested in doing so, so they don't.

Their business model is probably just offering this testing service at the moment, but their weasely response when asked if their data was covered by HIPAA makes me think that they are keeping selling data on the back burner as an emergency option.