Thanks to numerous ongoing Facebook scandals making headlines, consumers are finally—maybe—starting to grasp what healthcare privacy experts have understood for some time: most people aren’t reading the fine print of privacy authorization forms. The point is driven home by the rapid mainstreaming of artificial intelligence products in both the consumer and healthcare markets, and the popularity of mobile and wearable health-tracking devices—both industries that commonly track personal data in ways that might creep out the average person.
HIPAA grants providers and covered entities broad leeway to determine how they use patient information once the patient signs the required Notice of Privacy Practices (NPP) form. The medical research community would have a much harder time researching new treatments and developing life-saving medications without data from the very patients they’re trying to help. However, even patients who do their own due diligence during treatment don’t realize that the social networks they are participating in collect their healthcare data too. Pharmaceutical firms, laboratory vendors, employee wellness programs, artificial intelligence vendors, technology companies (Apple, Facebook, Uber, Google, Amazon), and other healthcare stakeholders are paying top dollar for patient data wherever it can be found—and they aren’t necessarily beholden to HIPAA regulations.
Additionally, anonymizing healthcare data, which HIPAA-covered entities and business associates must do before sharing, has become increasingly hard to do well, experts say.
The following slideshow highlights recent examples of the thorny intersection of patient privacy, technology, and social media.
Mary Butler is the associate editor at Journal of AHIMA.