With the increase in hacking that is going on today, I would be careful about stating "fairly confident".
Nobody said they were not operating within the law; that is, until patient data gets loose. However, I am fairly confident that if YOUR medical history, or someone in your family's medical history got all over the internet, you would be the first to complain.
The statement echoes so many of the true life crimes where the people always say "we never thought that would happen here, to us".
I am fairly confident that if YOUR medical history, or someone in your family's medical history got all over the internet, you would be the first to complain.
Why? Are you embarrassed by your medical history?
If someone posted that you were treated for a heart attack on such and such a date and then had your tonsils out another date, then had gonorrhea on this date, etc., etc., I would not care. Why do you?
And if someone did steal data they are going to steal millions of files, so if they post millions of patients' data the likelihood that anyone who knows you will see your data is very slim.
Don't misunderstand, I am all for privacy, but if someone's health care data is leaked, I have zero interest in finding out what the leaked data is. You could not pay me to go looking at the stolen data.
Because I'm not going to be goaded into wasting my time cutting and pasting things so they can be presented to you in a way your tiny little mind can comprehend. Is everything handed to you on a silver platter?
I hate to break this to those of you living in the US, but here are excerpts from an email that I received recently. Whatever Google does, the horse left the barn long ago:
[S]tarting in 2003, changes made to HIPAA eliminated your right to control the disclosure of your own medical records. The phrase “patient permission” was changed to “regulatory permission.” This one rule change means your medical records can now be disclosed to any "covered entity," including data clearinghouses, accounting firms, law firms, and banks without your permission. In certain circumstances, your employer can obtain “regulatory permission” to view your medical records.
Your medical records can even be released to marketing companies if what they’re selling is related to your condition or how it’s treated; the management or coordination of your care; or involves alternative treatments, therapies, health care providers, or other care settings.
What's more, a federal rule that went into effect in 2006 allows lenders to obtain or use medical information for determining if you qualify for credit. They can’t do it directly, but if they gain access to your medical records, they can legally share it with their "affiliates." This magically converts the data into credit information, not medical data.
Indeed, your “protected health information” can be disclosed without your authorization in 12 different scenarios. Consider this diagram from thedatamap.org showing where the data of “You, the Patient” is shared.
Thus, when you visit a physician or health care facility in the United States, never assume that what you disclose to them will remain private. And the “HIPAA Notice” almost every medical facility requires you to sign as a condition of treatment virtually guarantees your medical records will be used, disclosed, and disseminated without your consent.
You can, of course, request that your physician or other health care provider restrict disclosure of your personal medical data. But they are under no legal obligation to comply. Nor do they have to state a reason for denying your request, or for that matter, respond to it at all. And even if they agree to a restriction, in some cases, they might be prohibited from honoring it.
Really. Your dates are interesting. Because when I went to work for a large health care service company in 2009 until 2018, I had to take a HIPAA exam every year; and none of that verbiage was ever in those exams. So I will assume that your dated information (2003-2006) was changed somewhere along the line.
If anything, they kept tightening the regulations.
So I guess by your info, the company was just wasting money creating and forcing these exams on employees based on the current HIPAA regulations during that period just for fun.
You have any new info as of 2021 by any chance? Because I would like to see what they are now.
They're neither my dates nor my info. It was taken verbatim from a recent email from someone who deals with privacy and related issues as a business. None of it would surprise me, but I don't currently live in the US. The unauthorized disclosure of information would have applied to your job, but there's also the question of what's authorized. Do your own due diligence.
Let's see if I have this right. You used data from a RECENT email that contains information relating to 2003 and 2006 to make a statement as to the CURRENT HIPAA regulations to make your point. Remarkable.
My due diligence has nothing to do with the current HIPAA regulations. It is dictated to those who work with the data.