This is a textbook HIPAA violation.
this post was submitted on 18 Jun 2024
456 points (98.1% liked)
News
21662 readers
6508 users here now
Welcome to the News community!
Rules:
1. Be civil
Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. Trolling is uncivil and is grounds for removal and/or a community ban.
2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.
Obvious right or left wing sources will be removed at the mods discretion. We have an actively updated blocklist, which you can see here: https://lemmy.world/post/2246130 if you feel like any website is missing, contact the mods. Supporting links can be added in comments or posted seperately but not to the post body.
3. No bots, spam or self-promotion.
Only approved bots, which follow the guidelines for bots set by the instance, are allowed.
4. Post titles should be the same as the article used as source.
Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.
5. Only recent news is allowed.
Posts must be news from the most recent 30 days.
6. All posts must be news articles.
No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.
7. No duplicate posts.
If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.
8. Misinformation is prohibited.
Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.
9. No link shorteners.
The auto mod will contact you if a link shortener is detected, please delete your post if they are right.
10. Don't copy entire article in your post body
For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.
founded 1 year ago
MODERATORS
Didn't Facebook and insurance companies got caight sharing data...
Whatever happened there... Probably nothing.
Facebook put tracking pixels on all sort of medical websites, including websites that provided abortion services. Many of the companies with the tracking pixels didn't even have anyone in them who understood tracking pixel technology.
Data brokers regularly obtain medical information about people and even if it can't legally be used to discriminate against someone, all this information gets in through the back door through personality profiles that measure things like "resiliency" and "tenacity."
Did you need to take a break from work due to severe depression? Well that can't be legally used against you when you apply for a new job. However, since you couldn't tough it out at work, you do have a "less resilient" personality and that will be factored into a personality profile used to exclude you from jobs. They are doing this using AI now to try to get this information in through the backdoor and make it legal, and since many of the pieces of data from data brokers have no clear source of origination or clear consent obtained, these companies claim they are not relying on privileged medical information.
It's appalling and discriminatory and these companies should all be destroyed, their offices bulldozed, and the earth salted afterwards. The executives running these companies should all be castigated for what they do. They are profiting off of a data brokerage hack turning medical information into discrimination and then trying to white wash it.
Eventually, large greedy law firms will see they can make a lot of money with class action suits for disabled people who were collectively harmed by white-washing medical problems into personality profiles and these companies and their practices will become huge liabilities because they can't determine the data sources and whether consumers actually opted in. (And almost all consumers exploited by these nefarious practices monetized by sleazeballs don't opt in.)
This a great write up that expanded my understanding on the issue. So thank you.
I doubt anything will change, the state is actively supporting this behavior.
Best people can do it is try to protect themselves which is mostly a futile exercise.
Everyone who works in these industries is slime and worst of all, they make posts about adhering to regulations with #compliance hashtags to try to trick people that a large part of what they are doing isn't white-washing backdoor data that includes confidential information.
They are tricking the stupid corporations and masses to extract money, but will eventually become a liability because the data lacks consent. But all the scum working at all these terrible companies using AI and feigning compliance will eventually depart once the legal vultures start to circle, leaving shareholders to be the ones losing money.
Most of the value of the treachery of these companies is the victims never know that they have been exploited. Someone who takes time off work occasionally for severe depression may in fact be a worse worker and so companies profit from exploiting this trick and companies do not notify job candidates when they have been eliminated as candidates based on personality profiles that incorporate medical information or traits that are proxies for medical information and/or based on medical apps or health websites.
Virtually all health sites sell information to data brokers. Where do people think that goes? It goes into personality profiles to eliminate less healthy job candidates.
Some of these companies and data brokers are using AI to circumvent the design of laws, and pretend that complex programs are somehow compliant while achieving the same intent, but all the compliance hashtags don't exculpate them from their sleaze. Many of these companies that try to white wash this data show how their practices aren't discriminatory to women or minorities and that pacifies governments and seems palatable, but they make their money from getting rid of other protected classes of people that are less obvious.
It's just pure slimebag grifting, the whole thing, and eventually people wise up because their is profit in suing these assholes for their avaricious racket.
Amen!
They also buy your tax data to cross reference income...
Good thing people got nothing to hide tho lol
It was H&R Block and all those other online tax services who did that. It was a terrible violation and I wish those companies would all be just broken up, sued into oblivion, and their CEOs personally liable for this on both a civil and criminal level. It was one of the worst data breaches, without being a breach, ever and just vomit inducing treachery.
Here is a hot take, most breaches ain't breaches!!!
Its inside jobs... People exiting and securing their comp IMHO
The following post my be completely wrong based on new updates to HIPAA and previous suggestions that were not added as expected to revisions. There is one reply below this saying it's wrong, and they are probably right. This whole post is probably mostly wrong, therefore. I'm leaving it here for now, but it's incorrect.
It's not a textbook HIPAA violation.
HIPAA has a good-faith exception allowing medical professionals to disclose private medical information when it's in the best interest of the patient.
What is in the best interest of the patient?
Well, following all the rules of the government, which are all there for people's safety, of course!
For example, Norma gets pregnant and abortion is legal and she has an abortion. She is relying on HIPAA to keep her medical privacy.
Abortion then becomes illegal after she had her abortion. A hospital worker, knowing that abortion is illegal, provides this information to the police so that they can monitor Norma to make sure she doesn't get more abortions. This would be a good-faith exception to HIPAA because the medical worker is breaching Norma's privacy in Norma's best interest because he is worried she could break the law by having more abortions, and following the law is always in the interest of safety, no matter what. (Have doubts? Just ask ChatGPT if it's ever safer to not follow public rules and regulations because of having a different personal belief system.) Norma then sues the medical worker and claims the good-faith exception violated HIPAA, and a court then is left to decide whether this worker was acting in Norma's best interests, by helping make sure she follows the law, or doing something bad. If the court finds against the worker, it's at best a slap on the wrist and small fine, but if the hospital worker is in a conservative court, the worker is going to win anyway.
Worst of all, as a patient, Norma can not opt-out of the good-faith exception. There is no mechanism in the HIPAA rules that allows her to say "You know that good faith exception? I am explicitly requiring you to close that loop-hole for me because I'm a private person, my family and I have different values, and it's just easier for me this way. I don't want to have to worry about you deciding something that would make me uncomfortable. If I want you to talk to someone, I'll give explicit consent beforehand and even emergencies or unusual exceptions don't change this." There is no way to opt-out of this awful ambiguous rule. In the medical industry, you either accept their rules and regulations or you walk away and don't get medical care.
So sadly, you're actually totally wrong. I hope this doctor who breached patient privacy claims HIPAA wasn't violated in just this way so that legislators realize how much they fucked up and so that patients no longer have to hope and pray their doctor doesn't decide to break privacy in a patient's supposed best interest. There are so many exceptions and rules change so much that it's no wonder that women will no longer talk with doctor's about periods, and women are even afraid to tell therapists about having been raped in certain states.
It's honestly better for patients, especially women, to start seeing the medical establishment for what it is: a highly regulated arm of the government who does exactly what it's told in order to keep getting high salaries and wages. Don't adhere to the government rules? Goodbye high salaries! They don't dare bite the hands that feeds, and women are luckily wising up to it.
If this doctor gets convicted, it will be because of the false pretenses he allegedly used. He is also only being charged by the federal government which is more liberal and if it were up to the state government of Texas this person never would have been charged. The situation is far more dire that this feel-good idea that there's real enforcement over this sort of thing when the reality is there explicit loopholes written into the laws to allow it.
You seem very confident in your answer, but the actual text doesn’t seem to match your assertions?
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
There are three exceptions to the definition of “breach.” The first exception applies to the unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or business associate, if such acquisition, access, or use was made in good faith and within the scope of authority. The second exception applies to the inadvertent disclosure of protected health information by a person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate, or organized health care arrangement in which the covered entity participates. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule. The final exception applies if the covered entity or business associate has a good faith belief that the unauthorized person to whom the impermissible disclosure was made, would not have been able to retain the information.
But they cited ChatGPT. Surely that should lend them some authority, right?
You're either partly right at least or I'm at least not up to date on things. It looks like there are recent additions to the rules based on the abortion case Dobbs and in addition, some of the proposed changes I read about in an article may not have been added in. Many people were complaining about HIPAA preventing them from finding out about family members who were hospitalized and there were discussions about changing things, but you may be right and none of those changes were incorporated into the actual HIPAA rules.
When I read about proposed changes to HIPAA, I figured they would be passed because it seems like the trend is erosion of individual privacy always in the interest of whatever the government says, and I didn't verify everything prior to my reply.
Good catch. It appears at least initially I'm wrong and you're right. I'm going to research it more later, but it likely won't change things.
Also to clarify, under the rules, certain actions may not constitute a breach to begin with and therefore the breach rules may not apply and also the exceptions may not apply.
The big difference is that all those exceptions only apply to an authorized party, i.e. a health care provider authorized to care for the patient. In this case, the doctor in question was never authorized - none of the patients were in his care.
good point
It looks like there are updates to HIPPA based on concerns about Dobbs, so I am probably wrong overall.
But:
"Even when the patient is not present or it is impracticable because of emergency circumstances or the patient’s incapacity for the covered entity to ask the patient about discussing her care or payment with a family member or other person, a covered entity may share this information with the person when, in exercising professional judgment, it determines that doing so would be in the best interest of the patient. See 45 CFR 164.510(b)."
i may not be wrong after all?
https://www.law.cornell.edu/cfr/text/45/164.510 (3) Limited uses and disclosures when the individual is not present. If the individual is not present, or the opportunity to agree or object to the use or disclosure cannot practicably be provided because of the individual's incapacity or an emergency circumstance, the covered entity may, in the exercise of professional judgment, determine whether the disclosure is in the best interests of the individual and, if so, disclose only the protected health information that is directly relevant to the person's involvement with the individual's care or payment related to the individual's health care or needed for notification purposes. A covered entity may use professional judgment and its experience with common practice to make reasonable inferences of the individual's best interest in allowing a person to act on behalf of the individual to pick up filled prescriptions, medical supplies, X-rays, or other similar forms of protected health information.
It doesn't seem like this exception can be waived. What are emergency circumstances or incapacity? What if I don't want anything disclosed based on someone else's professional judgment?
I just still think there is way too much leeway to allow things to be shared based on the ambiguous language of the text.
*HIPAA
First of all, that guy looks like shit for a 34 year old. Doesn't look like the hair plugs took as well as he hoped.
Secondly..... This guy just went through like eight years of school and like ten of residency and fellowship to be a surgeon, and he just threw away his whole damn life to own the libs.
No hospital with an operating room is ever going to allow this guy to practice, even if he somehow gets away with a slap on the wrist. This is the exact type of scenario that hospitals dread. Texas Childrens is going to be sued, especially since they let him access patient information after he finished his rotation. I also think there are fines for the facility where a HIPAA violation occurred.
What a loser.
He is now qualified to be a medical correspondent for NewsMax, though. It probably pays better.
Not “to own the libs” — rather “fOr thE cHiLdreN!!?!!!!!!”
They are so concerned with personal liberty that they must ensure that nobody practices it differently.
These children received appropriate, legal medical care! Shame them! How DARE they receive treatment for something as hard to cope with as this!?
I'm 43 and he looks older than me. That could be the Kender blood though.
Dudefella is trying to claim he's a whistleblower and should therefore face no consequences. Last time I checked, whistleblower laws only protect you if you're reporting illegal activity. If the hospital stopped providing these services when they were made illegal, then he's just doxing people for no good reason. (not that I think it would be a good reason either way)
I'm just really concerned that, in the political environment of Texas right now, he'll get away with little or no consequences. Hell, there are probably a ton of people looking at him as some kind of hero right now, and that just makes me feel ill.
Considering the governor pardoned a convicted murderer i'ma guess this guy gets off
The governor can't do shit about it. These are federal charges. And he's up for the malicious intent ones. 250k and 10 years.
That’s $250k and 10 years per case. He leaked three separate patients’ info. HIPAA doesn’t fuck around.
Tired of being a doctor -- time to start my media pundit career!
Knowing Texas he won't lose his license.
From what I recall Whistle blower statutes in Texas only apply to state employees not private employees.
There might be some civil liability, but only because the burden of proof in such a case would fall on the accused - "beyond a reasonable doubt" is for legal prosecution, not civil suits.
This should be a huge HIPPA violation if it included patient information.
HIPAA
I think this counts as malicious harm...
offenses committed with the intent to sell, transfer or use individually identifiable health information for commercial advantage, personal gain or malicious harm permit fines of $250,000 and imprisonment up to 10 years.
Dude fucked around.
Texas will likely see that he gets no punishment
HIPAA violations aren't state, they're federal.
They would if these were state charges.
whistleblower documents
Usually that stuff is not released for the benefit of the state, but against the state. And I really hope he realizes he just put children in the crossfire of a political debate that has become very extreme and heated.
Sorry but even with his policies in mind, this is more than neglectful for the children's safety. What the fuck.
The problem is they feel like they’re saving children. Their RADICAL parents are FORCING them into this shit or something and they’re putting a stop to it.
Well there are a number of ways to convince them they're wrong. In Texas; even more.
Only if you have a red hat, though.
No, see? It's okay because it's the truth. You're allowed to break any law in America as long as it's used to spread "the truth".
Did he nickname his skull and brain, "The Law" and "The Truth"? I'm just asking questions, this is not a call for violence.
Man steal confidential documents and gives it to conservative activists as a way to create a narrative that people are trying to provide "illegal" transgender care...
Then claims the investigation against him is political...
Gotta love the republican mindset, just claim you are a victim of whatever it is you are trying to do.
It is almost as intelligent as when children argue and one calls the other a moron, then their only response is, "No! You're the moron!"