Health data beyond HIPAA
In states with abortion bans, patients have more than their official medical records to think about.
“If I was giving my sister or best friend some advice, the first thing I would say is to be very careful about what data in general you’re generating,” Shachar said. “We think about medical records, but our phones collect an amazing amount of data. It’s not a good idea to send texts about your intent to seek an abortion. It’s not a good idea to use an online payment app to buy these services. You might want to leave your phone at home as opposed to taking it to the clinic. You may not even want to search for abortion providers on your phone or computer.”
Spector-Bagdady added that a large economy of health information also operates beyond the control of HIPAA, allowing the makers of period-tracking apps and other devices to share customer information with third parties in some instances.
“Some of these (businesses) have sold or shared information that is fully identified in the past with other companies such as Facebook,” she said. She noted a lawsuit the state of California recently pursued against Glow, a company that makes menstrual cycle tracking software, for sharing reproductive health information outside the app. But the violation in that case stemmed from more rigorous data protection rules in California that are not in place in other states.
In addition, neither HIPAA, nor state consumer protection rules, prohibit the disclosure of huge amounts of health information transmitted outside medical settings — in retail stores, social media sites, online shopping accounts, text messages, and elsewhere.
“The more online you are, the greater your exposure,” said Eric Perakslis, a health privacy and cybersecurity expert at Duke University. “You have your CVS account, your online patient portal, your email where appointment reminders are sent, your SMS stream on your phone. You can see how the threat compounds. It’s very difficult for people to think through that because they compartmentalize.”
Source: HIPAA doesn’t protect reproductive records from prosecutors – STAT
You must be logged in to post a comment.