Interesting People mailing list archives

Re: Are Google/MSFT bound by HIPAA?


From: DAVID FARBER <dave () farber net>
Date: Sun, 24 Feb 2008 13:44:04 -0500



Begin forwarded message:

From: "Mary Shaw" <mary.shaw () gmail com>
Date: February 24, 2008 10:38:58 AM EST
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] Re: Are Google/MSFT bound by HIPAA?

To me, the more interesting question is not whether Google/MSFT, acting as partner of a HIPAA-covered institution, would become bound by HIPAA.

The more interesting question is what (if anything) limits Google/MSFT, acting as an aggregator of public information, in its treatment of personally-identifiable medical information that it acquires through other means.

Most of the recent discussion here has focused on the former, but we shouldn't ignore the latter. People discuss their medical concerns in all sorts of public or semi-public online spaces; I think many don't fully appreciate how public (and persistent) these spaces are. For a long time, people acted as if social networking sites were only viewed by their acquaintances -- and there have been waves of alarm as it became evident how public that information could be. The ability of Google/MSFT to aggregate information from many places will surely make that alarm pale in comparison.

I haven't been part of the military-classified-information world in a very long time, but I do recall that information could be classified not only because it was derived from classified information but also because aggregation or analysis of previously-unclassified information yielded something sensitive. Perhaps we need something similar for personally-identifiable medical information -- but as I understand HIPAA, it applies to entities rather than to information.

Mary Shaw

PS: "Google/MSFT" should refer to the whole information aggregation industry, not just the largest players.

On Sun, Feb 24, 2008 at 8:47 AM, David Farber <dave () farber net> wrote:

________________________________________
From: Joseph M. Saul [jmsaul () ctconsultancy com]
Sent: Sunday, February 24, 2008 1:01 AM
To: David Farber
Cc: ip
Subject: Re: [IP] Re:  Are Google/MSFT bound by HIPAA?

On Sat, 23 Feb 2008, DAVID FARBER wrote:

>> Dr. Zimmer asks a very important question; unfortunately the answer is, "it
>> depends." There are opinions on both sides of this answer. Some claim
>> that Google and Msft are, indeed, bound by HIPAA's privacy and disclosure
>> guidelines; others say, "hold on, it's not so clear that they are."

The question was whether they're currently bound by the HIPAA Privacy
Rule.  As it currently stands, they don't fit into any of the covered
entity categories. Are you talking about what would happen if they moved
into the healthcare space, or are you saying they may actually be bound
today?  And if it's the second one, could you explain the reasoning?

  -- Joe Saul, J.D.

-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

