by tippytop 4617 days ago
HIPAA is no joke. Even if this company is technically in the clear, being associated with a controversy like this is enough to keep doctors from using the service. Makes me wonder if they had any domain knowledge at all or just a "Yelp for doctors" pitch and some mumbo-jumbo about big data revolutionizing healthcare.

(I'm not a lawyer, but) I doubt they are in the clear. Sounds like they injected a public survey in a communication channel previously reserved for private interaction with their doctor. Perhaps the patient (state privacy law), doctor (business associates agreement), and the government (via HIPPA) have standing.

Under 42 USC § 1320d-5, penalties for wilful neglect are $10k per occurrence, up to 1.5M. There are also criminal penalties of up to ten years for those who "knowingly" disclose individually identifiable health information for commercial advantage.

Ah, it's not willful, though. They apparently assumed that every single patient would read and understand the tiny, italicized grey print warning to not include personal information.
sidebar:

> HIPPA

HIPAA

very common mistake.

When companies advertise on TV that they automatically (patient need not request or accept each order) ship replenishment supplies for C-PAP based on eligibility... yeah... HIPPA is a joke.
How is that in any way related to HIPAA? The patient has to contact the company and give them their information. The company then bills their insurance. No one is exposing their private health information.
I'm pretty sure HIPAA made the rule that patients must accept everything billed to insurance (or something to that effect), so I think it makes sense that they would be responsible for making sure it's enforced.

Point being, HIPAA isn't taken very seriously.

HIPAA isn't taken seriously until shit hits the fan, much like FINRA or any other piece of alphabet soup.

I've seen companies closed over HIPAA violations, and I've seen folks go to jail. It's totally ok to ignore HIPAA until it isn't and by then it's too late.

Some people play chicken with the federal government and some don't. As always, it is up to your particular risk profile.