@MATAK79 I wonder if this is related to that recent unscrupulous project that was advertising to buy secret recordings of therapy sessions. It was obviously for AI scraping purposes.

@_L1vY_ oh wow didn’t even know that happened. I did read something about better help or another of those online therapy things sharing data though. My doc suggested them and I said hell no.

@MATAK79@stranger.social @_L1vY_@mstdn.social

You told your doctor
why you said "hell no"? Not every doctor that recommends a given service knows about some services' fuckery.

@ferricoxide @_L1vY_ for future reference essentially hippa laws don’t apply to the internet or all of the internet? Look it up but there’s something there for sure.

@MATAK79 @ferricoxide HIPAA applies to any provider or their organization about releasing ANY patient information to anyone else, without express written consent of the patient. It doesn't matter what format or platform.

Follow

@_L1vY_ @MATAK79 @ferricoxide

HIPAA does apply to anything including Internet. The Devil is in the details...

In round one most of the companies on the edge of healthcare (health magazines, tech businesses surveying people about their needs before referring them to providers, meditation apps, even some scheduling apps) would claim (still claim) that either the data is not PHI at all or that they anonymize everything and send no PHI (name, SSN, diagnosis, etc.).

Then in round two The Office of Civil Rights at HHS (USA) came out with guidance calling bullshit on that -- labeling 3rd party tracking cookies, IP addresses, etc. as potentially PHI. We all know darn well that any data aggregator worth their salt collects data from multiple websites and then combines it in a unified database in which they can piece together identity even if no PHI is provided to them from the health/medical sources. A simple example -- health site A tells Google that I am looking at info on depression and my IP address. Also gives them a tracking cookie in my browser. Then I log into Gmail (so they have my name and email address and phone number and same IP address) and I mention feeling depressed to a friend in email. Then a televideo service screws up and sends Google "anonymous" data (such as IP address and tracking cookie) that I am logging into the specific telehealth portal of a therapist. Odds are pretty good that if Google wants to, they have an AI that knows with a high degree of certain that I have depression and what therapist I am seeing.

In round 3, I recently read where some of those more aggressive protections that the Office of Civil Rights was pushing were struck down in court. I apologize but I don't have the link or details handy. One of my healthcare infosec bots posted the article a few weeks ago.

@reederm @MATAK79 @ferricoxide Yep. It is very hard to hide your health tracks and also be online, and all your medical orgs are online.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.