Virginia and Washington, D.C. paused the data collection and sharing, after Bloomberg's investigation found their health insurance marketplaces were sharing users' information with advertisers.
Ooh, I actually know this one!
HIPAA applies to personally identifiable information that links the patient to the medical data. It can be shared if the patient has been obfuscated enough to not be personally identifiable, but the interpretation of that can be pretty broad.
For instance, I can say something like in the Generic County area, there is a predominance of [Disease] among the [Race] community. This was found to be 10% higher in non-citizens of that race. Of patients surveyed, 40% were noncitizens. It was also noted that the Generic Neighborhood displayed a 15% higher rate than the average for this disease.
No single person is identified, but I can narrow down a target audience to a specific neighborhood and ethnicity if I’m an advertiser. This same information can then be used maliciously to infer that the Generic Neighborhood likely has a population of illegal immigrants living there.
When combined with the other data they collect on people, they can likely narrow it down to individual people and homes.
What HIPAA says I can’t say is “Juan Lopez is an illegal Mexican immigrant with gastroparesis.” It was a law designed before the current AI data bullshit, and it needs to be updated to be a lot stronger to provide the protection it is supposed to provide.
So aggregate data is fine but personally identifiable data is not. Cool… TIL.
Yes.
This is why people have been screaming about ‘it’s only your metadata we are sharing’ being a crock of horseshit for over a decade now, because metadata + data analysis = very high confidence of actual PII.
But we didn’t listen to those paranoid nerds, so now we live in hell.
Oh also literally every company or organization does this with all the data they can legally (or sometimes illegally) do this with.
They get a slap on the wrist, sometimes… data is very profitable.
Oh and Palantir has all of this kind of data, if that makes you feel better.
Old internet adage: If you’re getting something for free, you are the product.
Oh oh bonus:
The laws around this will never change unless basically everyone in the country with a net worth of ~$250 million or greater suddenly dies.