Interesting People mailing list archives
Re: Are Google/MSFT bound by HIPAA?
From: David Farber <dave () farber net>
Date: Sun, 24 Feb 2008 05:58:05 -0800
________________________________________
From: bmagnus () samespace com [bridgetmagnus () gmail com] On Behalf Of Bridget Magnus [bmagnus () samespace com]
Sent: Saturday, February 23, 2008 10:55 AM
To: David Farber
Subject: RE: [IP] Are Google/MSFT bound by HIPAA?

Sort of.

Not only are any parties that hold medical data that is both 1) personally identifiable and 2) relates to medical care and/or the payment for such care subject to HIPAA, any company that submits this sort of data to them must get an agreement that holds them to certain confidentiality standards before sending data. Furthermore, any facility sending information to them should amend the HIPAA statement they give to patients (who in my experience rarely take it home, let alone read it) to reflect the mere possibility of a data sharing agreement.

Needless to say, there are some loopholes. They can aggregate non-identifiable information (such as total number of flu cases). Anonymized data can be released ("Mr. A, age 46, presented with interesting symptoms"). They have to comply with court orders to release data. There are certain instances where they may be required to report certain types of information to authorities such as the CDC. Services paid for in cash appear to be a grey area, but I'd rather comply unnecessarily than deal with federal lawsuits.

But the short version is yes, and if they are as smart as we have been led to believe they are, they already have lawyers working on it.

Bridget Magnus
bmagnus () bridgetmagnus com --- (702) 727-7842 --- http://bridgetmagnus.com/ -- My professional site, your source of information on real estate and moving to Las Vegas

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Saturday, February 23, 2008 6:34 AM
To: ip
Subject: [IP] Are Google/MSFT bound by HIPAA?
________________________________________
From: Michael Zimmer [michael.zimmer () yale edu]
Sent: Saturday, February 23, 2008 8:35 AM
To: David Farber
Subject: Are Google/MSFT bound by HIPAA?

Can anyone in IP shed light on whether 3rd parties who hold personal medical information (such as Google or Microsoft) are bound by HIPAA's privacy and disclosure guidelines?

Thanks,
Michael

-----
Michael Zimmer, PhD
Microsoft Fellow, Information Society Project
Yale Law School
e: michael.zimmer () yale edu
w: http://michaelzimmer.org

-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com