U.S. hospitals are suing the Biden administration for crippling their websites. But the feds say big tech like Meta and Google are using the sites to illegally take patient data.
· Nov 19, 2023 · NottheBee.com

Want to go to your local hospital's website to access your patient portal and information about your health? Well, the Biden administration says that probably violates the Health Insurance Portability and Accountability Act (HIPAA).

And to stop those violations, the feds have told hospitals across the nation they need to stop using third-party tools that help their websites function, particularly those from big tech companies like Google and Meta.

And we're not talking about crazy website tools here either; they're tools like embedded Maps, in case, for some reason, you might actually want to know how to get to the hospital before you bleed to death.

The U.S. Department of Health and Human Services (HHS) has threatened that fines for HIPAA violations against the hospitals will be assessed for every IP address that accesses the hospitals' websites.

Considering that one HIPAA violation runs between $100 and $50,000, you probably won't need to worry about getting to that hospital after all. It will be fined out of existence.

But complying with the HHS isn't that easy. Hospitals say that removing these tools will severely affect their ability to provide patient care. So, the American Hospital Association and several hospital systems have teamed up to file a lawsuit against the new regulations.

On the other hand, there's some reason for the government's concern.

Earlier this year, telehealth startup Cerebral admitted that it shared the private health data of 3.1 million patients with Google, Meta, and TikTok because they were using third-party analytics tools.

If an individual created a Cerebral account, the information disclosed may have included name, phone number, email address, date of birth, IP address, Cerebral client ID number, and other demographic or information. If, in addition to creating a Cerebral account, an individual also completed any portion of Cerebral's online mental health self-assessment, the information disclosed may also have included the service the individual selected, assessment responses, and certain associated health information.

If, in addition to creating a Cerebral account and completing Cerebral's online mental health self-assessment, an individual also purchased a subscription plan from Cerebral, the information disclosed may also have included subscription plan type, appointment dates and other booking information, treatment, and other clinical information, health insurance/pharmacy benefit information (for example, plan name and group/member numbers), and insurance co-pay amount.

That's pretty much all the patients' data.

Cerebral's breach of private healthcare data was the third largest leak of healthcare data in U.S. history.

But the hospitals the HHS is threatening are using these same tools. There's no telling how much of our healthcare data big tech has scraped "inadvertently."

Certainly, there would be no way these companies could be developing and selling AI healthcare tools if it wasn't a lot though. AI requires massive data sets to learn from.

Why the government isn't going after big tech for HIPAA violations is an interesting question in that light.

Maybe Rick Pollack, AHA president and CEO, can shed some light on the reason:

"The Department of Health and Human Services' new rule restricting the use of critical third-party technologies has real-world impacts on the public, who are now unable to access vital health information. In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including Medicare.gov, Tricare.mil, Health.mil, and various Veterans Health Administration sites. We cannot understand why HHS created this 'rule for thee but not for me.'"

Yep, the federal government is sharing all your healthcare data with big tech too, relying on the same analytics tools they're telling the private hospital systems they can't continue using, or they'll face crippling fines.

Either way you slice it, I think the answer winds up the same.

Privacy, as we knew it, is dead.

