> is mostly related to website information, not PHI or PII
If you are looking for an oncologist or abortions or whatever else, that's PHI. We know well that the industry has profiles on Americans and probably can identify you.
Exactly! If hospital systems are selling this, who is buying it? Health insurance companies. Then they can judge if they should still cover you or raise your rates.
Yes, and many other organizations also want this information. Your detailed profile is valuable, and my impression is that health info is particularly valuable.
> if an individual were looking at a hospital’s webpage listing its oncology services to seek a second opinion on treatment options for their brain tumor, the collection and transmission of the individual’s IP address, geographic location, or other identifying information showing their visit to that webpage is a disclosure of PHI to the extent that the information is both identifiable and related to the individual’s health or future health care
So either I'm closer to paranoid delusional or you're closer to being naive if you don't think that the people receiving this information cannot infer this data from your browsing session.
If you are looking for an oncologist or abortions or whatever else, that's PHI. We know well that the industry has profiles on Americans and probably can identify you.