Colorado Springs

HIPAA won’t always protect your health app data in a post-Roe world – Colorado Springs, Colorado

Colorado Springs, Colorado 2022-07-07 08:13:04 –

Since the Supreme Court overturned the Roe v. Wade case, there has been a national court battle over abortion. There was confusion among healthcare providers, patients, and law enforcement agencies about what information could be used against someone in court if abortion was criminalized.

In particular, there’s a lot of debate about what medical information law enforcement agencies can get by just using what’s already on someone’s cell phone, and in fact it’s much easier to access than you might imagine. ..

But before you get there, you might think that medical data is almost private anyway. So how much damage can you do? Now let’s talk about HIPAA.

Many Americans may assume that medical decisions, procedures, or data are fully protected by HIPAA (Health Insurance Portability and Accountability Act). While the law has created standards to protect sensitive health information from being disclosed without the consent of the patient, there are many misconceptions about what HIPAA actually covers and what it does not.

This may include not only the procedure itself, but also anything that may indicate that the patient was considering and seeking an illegal abortion.

For services subject to HIPAA regulations, such as regular hospitals, data protection is still not as strong as you might think.

First, HIPAA has 12 “national priorities” that allow information to be disclosed without permission. Law enforcement is just one of them. Information can be disclosed when a court order, identification of a potential witness to a crime, or when the entity holding the information believes that medical data is evidence of the crime.

It should be noted that the Department of Health and Human Services has issued updated guidelines to clarify the privacy rules explicitly related to abortion. For example, they pointed out that hospital employees suspected of having an illegal abortion could not be reported to law enforcement agencies unless required by state law.

It is important to understand that this does not radically change HIPAA and does not completely fill these security gaps in HIPAA. Some legal experts point out that healthcare providers are one of the most common ways to prosecute patients, but they are not the only ones. It often begins with a personal report from an angry partner or acquaintance to law enforcement.

When law enforcement is warned and the prosecution tries to determine if a pregnant person is trying to end the pregnancy, the phone data will work and a lot of data will be available.

Apps that collect and store important health information can have surprisingly inadequate privacy protection. Digital health products are not covered by HIPAA, giving enterprises greater data flexibility. A study by Tech Outlet Motherboard found how easy it is for data brokers to buy and sell data from apps such as Clue, one of US Plus’s most popular menstrual tracking apps.

The team purchased a sample of the data from the data marketplace Narrative for only $ 100. This is a platform where anyone can easily sign up and buy app information directly. The purchase took just a few minutes and contained over 5,000 identifiers for devices allegedly owned by Clue users. Note that these identifiers are not technically intended to be connected to a name or person due to anonymity, but there is a legitimate way to connect these dots anyway. .. The clue issued a statement claiming that the ID does not correspond to the user ID and we do not know where this data came from.

Health-related apps aren’t the only ones that can do harm. All regular apps can have location tracking data, and Motherboard has found at least one data broker that has sold the location information of users who have visited the abortion clinic.

There are already at least two cases in which women have been convicted of using such data. It’s not even medical information, it’s as simple as a search history.

Take up this 2017 case in which a Mississippi woman was charged with murder after a failed pregnancy. She confessed to her nurse who wanted to have her pregnancy, so the prosecutor tried to prove this in her phone search history, which showed that she had looked up her options. The murder charges were finally dismissed. In 2019, prosecutors used the browsing history of young Ohio mothers to claim that a stillborn baby was actually killed. She was also eventually acquitted of murder.

It was all before the Roe v. Wade case was overturned. More cases like this will be seen. The ambiguous statutory waters after the ruling put the spotlight on the existing issue of blaming the data. Perhaps this could change the way we think about technology, health, and our own data privacy.

Newsy is the only free national news network in the country, 24 hours a day, 7 days a week. You can find Newsy using your TV’s digital antenna or stream for free. See all the ways you can see Newsy here:

HIPAA won’t always protect your health app data in a post-Roe world Source link HIPAA won’t always protect your health app data in a post-Roe world

Back to top button