by nobody9999 1352 days ago
>HIPAA applies specifically to covered entities under its law. It's basically health care providers and health insurance companies. If you aren't one of those covered entities and you're not telling that info to a covered entity, there is no PHI.

An excellent point. Which is why I don't share my Fitbit data (uninstalled the app after set up, no syncing of data) with Fitbit (now Google) and will (assuming it works as advertised) likely be moving to a MiBand with GadgetBridge[0] in the near future. And thanks to vanous[1] for posting[2] here about it a couple weeks ago.

I have no interest in sharing my health (exercise regimes, sleep cycles, heart rate, etc.) information with folks whose raison d'etre is to snarf up as much data as possible. What's more, since these folks aren't "covered entities" under HIPAA, they aren't required to put in the special safeguards for your health data.

And more's the pity.

[0] https://codeberg.org/Freeyourgadget/Gadgetbridge

[1] https://news.ycombinator.com/user?id=vanous

[2] https://news.ycombinator.com/item?id=32965166

Edit: Fixed typo.

1 comments

I get what you’re saying but that data isn’t meaningfully protected by HIPAA, and is pretty trivially derived based on available data.

Data brokers for pharmacy have your prescription data, your doctor is not protected information and other aspects of your care are available to many entities for purposes like insurance subrogation that also create data products.

HIPAA protects you from gossiping clerks at health facilities and HR. It prevents the use of some bad IT practices, and forces you to sign lots of disclosures. That’s about it.

If you want that type of information to be private, don’t collect it or don’t share it with 3rd parties in an accessible form.

>If you want that type of information to be private, don’t collect it or don’t share it with 3rd parties in an accessible form.

Yes. Absolutely.

I thought that was what I said. Perhaps what's in my head didn't make it to the comment?