[dead]

Even if contractors/intermediaries consider themselves bound by HIPAA, the protections are lighter than one would think, in the political environment we find ourselves in.

Notably (though I'm not a lawyer, and this is not legal advice) - https://www.ecfr.gov/current/title-45/part-164/section-164.5... describing "similar process authorized under law... material to a legitimate law enforcement inquiry" without any notion of scoping this to individuals vs. broad inquiries, seems to give an incredibly broad basis for Palantir to be asked to spin up a dashboard with PII for any query desired for the administration's political agenda. This could happen at any time in the future, with full retroactive data, across entire hospital systems, complete with an order not to reveal the program's existence to the public.

Other tech companies have seen this kind of generalized overreach as both legally risky and destructive to their brand, and have tried to fight this where possible. Palantir, of course, is the paragon of fighting on behalf of citizens, and would absolutely try to... I can't even finish this joke, I'm laughing too hard.

I'm old enough to remember we literally had a Captain America movie, barely more than a decade ago, where the villains turn private PII and health data into targeting lists. (No flying aircraft carriers were injured in the filming of this movie.)

Clearly, we learned the wrong lesson there.

HIPAA privacy arose indirectly from its administrative simplification provisions concerning its main goal of standardized electronic health data. Privacy is not "why HIPAA exists".