| ▲ | childofhedgehog 2 days ago |
| Why would anyone think that a non-HIPPA compliant app would keep medical information private to the level of security needed for medical data? Flo has definitely breached user trust, but that trust seems misplaced from the get-go. |
|
| ▲ | gizmo686 2 days ago | parent | next [-] |
People are used to living in highly regulated markets. When they go to a grocery store to buy lettuce, people don't stop to ask "what regulatory regime is this lettuce being sold under?". They just trust that food being sold in a food store will meet our societal standards for food. I can go to Amazon and order a raw steak for delivery, and still trust it will meet standards. The situation with wellness apps is that they are a product designed specifically to exist outside the regulatory regime that people associate with them.
|
| ▲ | john_strinlai 2 days ago | parent | prev | next [-] |
> Why would anyone think that a non-HIPPA compliant app would keep medical information private to the level of security needed for medical data?

Because lots of people don't know what HIPPA is, and (naively, to those of us more familiar with tech) assume that a medical-related app on a curated app store would be safe for medical-related stuff.
| ▲ | ceejayoz 2 days ago | parent [-] |
> lots of people don't know what HIPPA is

Ironically, it's HIPAA. You're right, though; it's much more limited than people think. During COVID people claimed everything violated HIPAA (masks, vaccine requirements, testing), but it only applies in a very narrow subset of patient/provider relationships.
| ▲ | FireBeyond 2 days ago | parent [-] |
Very much so. Also ironically, as a healthcare provider (paramedic), HIPAA expressly allows me to get your healthcare information without your consent (as needed for your care). A lot of facilities have you sign paperwork to explicitly authorize sharing, but that's really just CYA.

"Does the HIPAA Privacy Rule permit doctors, nurses, and other health care providers to share patient health information for treatment purposes without the patient's authorization? Answer: Yes. The Privacy Rule allows those doctors, nurses, hospitals, laboratory technicians, and other health care providers that are covered entities to use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, and other medical information for treatment purposes without the patient's authorization."

Source: https://www.hhs.gov/hipaa/for-professionals/faq/481/does-hip...
| ▲ | haldujai 2 days ago | parent | next [-] |
The bigger gap is for healthcare and business operations, which is very broad and includes datasets for AI training as one example.
| ▲ | ceejayoz 2 days ago | parent | prev [-] |
That seems entirely unironic and reasonable, though?
| ▲ | FireBeyond 2 days ago | parent [-] |
100% reasonable (and often necessary: pill shopping, psychiatric concerns, etc.). And the irony isn't in the Act itself, more in people's perception of its intent.
| ▲ | pseudalopex 2 days ago | parent [-] |
It is not reasonable to disregard patients' consent so generally. Specific purposes could have specific exceptions.
| ▲ | FireBeyond 2 days ago | parent [-] |
I think the key is "in the course of treatment". I agree that it's not and never should be a free-for-all with PHI just "because you can". But if I, as an EMS provider, am treating someone for, say, an overdose, it is rather germane to my treatment of you that you have a history of suicidal ideation or attempts, even if you'd rather I wasn't able to gather that information from another provider's records (because you'd "rather not" be subject to a mandated hold/evaluation if it appears that your overdose was intentional). I don't need to know, and don't care, if you're transitioning and I'm seeing you for a seizure, for example; it's not relevant. If you're unconscious and I need to check for history, diagnoses, etc. as I'm determining the risk of an intervention to perform on you, then I may discover that detail, again, in the course of your treatment. It's not a blanket "I don't care whether you consent or not, I'm pulling your records from the EHR. Sucks to be you."
|
| ▲ | elAhmo 2 days ago | parent | prev | next [-] |
People just wanna track stuff; they don't really look into whether something is HIPAA compliant or read the ToS. App store push, recommendation, and word of mouth are what make an app like this spread, not details like HIPAA compliance.
|
| ▲ | xbar 2 days ago | parent | prev [-] |
"Because Apple and Google said my data was safe, so it must be safe in the apps. What's hippa?" said more than 50% of the population.