Hacker News

"if insurance is never involved HIPAA doesn't apply."

No. This is just plain false.

HIPAA applies when personally identifiable health information is shared/exchanged. And it applies whether the data is electronic or physical (paper).

(I am NOT saying DNA falls within the HIPAA guidelines.)



No, personally identifiable health information can be shared/exchanged without HIPAA applying. For example, if I email my grandma information about my cancer diagnosis, Gmail isn't HIPAA compliant and doesn't need to be just because some people might use it to talk about their health. Grandma is also free to share my health information with impunity; she is free to, say, forward it to my boss, because grandma doesn't have to abide by HIPAA either because she's a grandma.


Correct, you can personally share whatever information you like.

But a covered entity may not. And there are many covered entities which are not insurance related. That is all I was trying to say.


The privacy rule only applies to covered entities. If a covered entity works with a cloud provider, they sign a BAA. The cloud provider is not a covered entity.



