Skip Navigation

TIL - HIPAA doesn't protect data from being shared between organizations without consent

It obviously protects against sharing data with e.g. your employer, but if a health provider chooses to make your data shareable, there are 2.2M authorized entities that can potentially access the data (identifiable health data).

Excerpt of the video description: Most people think that HIPAA means that their medical records are kept private. But what if I told you that HIPAA doesn’t protect your privacy at all?

This is our first video in a series about medical privacy, specifically looking at legislation that stripped individuals of the right to consent to medical data sharing.

We focus on what HIPAA actually is, how it came to allow our data to be shared without us even knowing, how we’ve been tricked into thinking we have privacy, and steps we can take to reclaim control of our medical data.

00:00 The State of Medical Privacy is a Mess 02:29 What is HIPAA 07:39 How Your Data is Shared 12:10 The Illusion of Privacy 14:48 What Can We Do 22:16 We Deserve Medical Privacy

We deserve privacy in our medical system. Our health information is sensitive, and we should be allowed to protect it. Even while we fight for better medical privacy, please always prioritize your health.

Special Thanks to: Twila Brase, Rob Frommer, and Keith Smith for chatting to us!

List of doctors who have opted out of the surveillance system: https://jointhewedge.com/

Twila's website: https://www.cchfreedom.org/patient-toolbox/

Do you want to fight the system and lead a suit against medical data collection? Contact the Institute for Justice: https://ij.org/

Keith Smith's Surgery Center: https://surgerycenterok.com/

Brought to you by NBTV team members: Lee Rennie, Cube Boy, Sam Ettaro, Will Sandoval and Naomi Brockwell

Edit: changed the title to something that isn't misleading

16

You're viewing a single thread.

16 comments
  • Having permission to access to the HIPAA-protected dataset is only the first hurdle. You also need a medically valid or claim processing reason to look at individual patient records within that dataset. People have gotten into trouble by not respecting this. Doctors and other providers are not going to just poke around in the data for fun. Too little to gain for too much risk.

    HIPAA is far from perfect, but it does do a decent job of protecting data at rest and in transit. If a bad actor like a hacker manages to get a copy of it, the sensitive stuff will be encrypted.

    We handle HIPAA data at my job, and we all take it very seriously. There's annual training required, and a reporting process for violations. Nobody is looking at anything unless they really need to.

    Large corporate health insurance providers are another problem. They of course do have access to it, and I am sure they abuse the privilege for data mining and scheming on claims denial strategies and so on. But that's a political and enforcement issue not an issue with HIPAA itself. They are violating HIPAA and getting away with it because they are a powerful lobby.

16 comments