Todd A. Jacobs | Pragmatic Cybersecurity<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Catawu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Catawu</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>briankrebs</span></a></span> I’m not really interested in their frame of reference or what they think about the people impacted. That’s not because I don’t care, but because I think it's irrelevant to the deeper underlying issues.</p><p>I’m actually more interested to what extent this situation may violate <a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> and other <a href="https://infosec.exchange/tags/patientprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patientprivacy</span></a> laws. Part of the functional challenge in what is currently going on at the federal level is that many privacy and <a href="https://infosec.exchange/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a> safeguards such as HIPAA are a complex mixture of laws passed by Congress and regulations defined by the executive branch to implement those laws.</p><p>I am not a lawyer, but I do deal with <a href="https://infosec.exchange/tags/privacyregulations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacyregulations</span></a> and <a href="https://infosec.exchange/tags/regulatorycompliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regulatorycompliance</span></a> issues professionally. To the extent that the administration is arguing that they have constitutional authority to make changes to the implementations developed and overseen by the executive branch itself, the extent of what is being done seems unprecedented but may not be illegal per se. I am not qualified to make that determination, but I think it's the foundational question that needs to be asked.</p><p>On the other hand, the parts of HIPAA and other federally-enacted laws regarding <a href="https://infosec.exchange/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a> and privacy <em>are</em> in fact laws established within our country’s constitutional framework. The executive branch can’t simply wish clearly-established laws into the cornfield. Unfortunately, many laws leave a great deal of the implementation details—whether unintentionally or through deliberate delegation—to the executive branch, the states, or various regulatory agencies. In turn, many of <em>those</em> regulators also operate to one extent or another under the executive branch, and that further complicates the picture.</p><p>Many federal laws leave a great deal of wiggle room for interpretation to the executive and judicial branches whether not by design, but congressionally-enacted laws and protections provided by the Constitution itself cannot simply be ignored. While there's definitely a difference, separating a "law" from the "regulations" that implement that law isn't necessarily a simple exercise.</p><p>The real challenge is that our republic was designed as a Venn diagram of overlapping roles, responsibilities, and authority that were meant to operate in a state of carefully-balanced tension. The republic's framework has never been tested this broadly within my lifetime, if ever. Even though how our three branches of government <em>should</em> work is material covered in any decent highschool civics class, the complexity of statutory vs. regulatory authority requires legal and Constitutional scholarship that is more than the average citizen can bring to bear on the matter. I'd like to think I understand these issues better than most—and I certainly have my own personal and professional instincts about what's right and wrong—but I wouldn't dream of claiming to understand all the nuances involved.</p><p>Professionally, I am taking a deliberately apolitical approach to what is a very legitimate set of questions about constitutional authority. Likewise, my apolitical but professional experience tells me that there is entirely too much gray area around the constitutional and legal topics to determine with certainty what is <em>legal</em> as opposed to what is moral or ethical. In my professional experience, what is <em>right</em> and what is <em>lawful</em> aren't always the same.</p><p>Unless society as a whole is willing to revisit some of the underlying assumptions collectively made over the past several hundred years about the differences between legislative laws and the administrative regulations that implement them, this problem is unlikely to go away anytime soon. In fact, it is likely to spread to other areas with similar gray areas. As an argument by analogy, the current legal mess around <a href="https://infosec.exchange/tags/copyright" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>copyright</span></a> and <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> training may be similar in terms of being pure sophistry where the term "fair use" is clearly being used in an intellectually dishonest way, but apparently it's far enough into the gray to pass legal muster right now. Decades or centuries of legislative layering has led to a legal framework that never envisioned modern realities. Revisiting and revising centuries of legal accretion would require a strong moral compass, a great deal of political courage, and in-depth analysis by legal and constitutional scholars (among others) in order to address the very real institutional unraveling we're observing.</p><p>Sadly, in a society that frequently classifies expertise as “elitism" such a brutally honest conversation is unlikely to happen soon. A broad reconsideration of how our republic was designed to function and a hard look at how it actually functions would require high levels of both personal and political courage. It's even less likely to be rapidly prioritized without sufficiently clear political self-interest from a majority of those with the remaining authority to materially affect the outcome.</p><p>What I’ve said may strike some as political opinion rather than strictly analytical observation. However, my statements are deliberately based on well-established sociological and psychological norms rather than current politics. I feel confident in asserting that the likelihood of Congress or the Supreme Court—much less the general public—addressing these things effectively in the near term is essentially zero. For any elected or appointed official acting alone, the risk of asserting constitutional prerogatives vastly exceeds both the collective will of their respective institutions and the already-ceded institutional powers required to do so effectively.</p>
Recent searches
No recent searches
Search options
Only available when logged in.
social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Fediverse instance for people interested in cooperative and collective projects. If you are interested in joining our community, please apply at https://join.social.coop/registration-form.html.
Administered by:
Server stats:
490active users
social.coop: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#patientprivacy
1 post · 1 participant · 0 posts today
Defensorum<p>📋 HIPAA clarification: Can healthcare providers mention who their patients are? ⚕️ Understanding when patient identification crosses legal boundaries <a href="https://mastodon.social/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://mastodon.social/tags/Compliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Compliance</span></a> <a href="https://mastodon.social/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a> <a href="https://mastodon.social/tags/PatientPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PatientPrivacy</span></a> <a href="https://www.defensorum.com/hipaa-violation-to-say-someone-is-your-patient/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">defensorum.com/hipaa-violation</span><span class="invisible">-to-say-someone-is-your-patient/</span></a></p>
Bo Morgan<p><span class="h-card" translate="no"><a href="https://mastodon.social/@JeffC1956" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>JeffC1956</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@lemeteore" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lemeteore</span></a></span> </p><p>Have a look at HealthURL, which is an open source project for maintaining patient privacy with medical data on the Internet:</p><p><a href="https://healthurl.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">healthurl.com/</span><span class="invisible"></span></a><br><a href="https://kolektiva.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a><br><a href="https://kolektiva.social/tags/medical" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>medical</span></a><br><a href="https://kolektiva.social/tags/medicaldata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>medicaldata</span></a><br><a href="https://kolektiva.social/tags/patientprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patientprivacy</span></a><br><a href="https://kolektiva.social/tags/healthurl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthurl</span></a><br><a href="https://kolektiva.social/tags/health" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>health</span></a><br><a href="https://kolektiva.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a><br><a href="https://kolektiva.social/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a><br><a href="https://kolektiva.social/tags/floss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>floss</span></a></p>
Bo Morgan<p>Have a look at HealthURL, which is an open source project for maintaining patient privacy with medical data on the Internet:</p><p><a href="https://healthurl.com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">healthurl.com/</span><span class="invisible"></span></a></p><p><a href="https://kolektiva.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://kolektiva.social/tags/medical" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>medical</span></a> <a href="https://kolektiva.social/tags/medicaldata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>medicaldata</span></a> <a href="https://kolektiva.social/tags/patientprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patientprivacy</span></a> <a href="https://kolektiva.social/tags/healthurl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthurl</span></a> <a href="https://kolektiva.social/tags/health" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>health</span></a> <a href="https://kolektiva.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://kolektiva.social/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a> <a href="https://kolektiva.social/tags/floss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>floss</span></a></p>
SubtleBlade ⚔️<p><a href="https://mastodon.scot/tags/PatientPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PatientPrivacy</span></a> fears as <a href="https://mastodon.scot/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>US</span></a> <a href="https://mastodon.scot/tags/SpyTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpyTech</span></a> firm <a href="https://mastodon.scot/tags/Palantir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Palantir</span></a> wins £330m <a href="https://mastodon.scot/tags/NHSEngland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHSEngland</span></a> contract</p><p>Awarding of contract to create new <a href="https://mastodon.scot/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> platform prompts immediate concerns about <a href="https://mastodon.scot/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> of <a href="https://mastodon.scot/tags/MedicalRecords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MedicalRecords</span></a><br> <a href="https://www.theguardian.com/society/2023/nov/21/patient-privacy-fears-us-spy-tech-firm-palantir-wins-nhs-contract" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theguardian.com/society/2023/n</span><span class="invisible">ov/21/patient-privacy-fears-us-spy-tech-firm-palantir-wins-nhs-contract</span></a><br><a href="https://mastodon.scot/tags/ToryPoliciesInAction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ToryPoliciesInAction</span></a> <a href="https://mastodon.scot/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataPrivacy</span></a> <a href="https://mastodon.scot/tags/NHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NHS</span></a></p>
Michael Reeder LCPC<p>Private, vetted email list for mental health professionals: <a href="https://www.clinicians-exchange.org" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="">clinicians-exchange.org</span><span class="invisible"></span></a><br>Open LEMMY instance for all mental health workers: <a href="https://lem.clinicians-exchange.org" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">lem.clinicians-exchange.org</span><span class="invisible"></span></a><br>.</p><p>TITLE: Good Therapy Credit Card Info and Security / 3rd Party Tracking</p><p>Yes, I actually do ask myself why I bother anymore, in case you are <br>wondering.</p><p>This stuff is so ubiquitous now as to be all but unavoidable.</p><p>That said, perhaps multiple letters from their customers (such as the <br>one below) might sway thinking?</p><p>~~~~~~~~~~~~~~~~~~</p><p>www.goodtherapy.org</p><p>Dear Good Therapy Support:<br>support@goodtherapy.org</p><p>I just updated my payment information with a new credit card.</p><p>In order to do this, I had to turn off "Brave Shields" -- basically a <br>web browser feature that blocks 3rd party tracking (cookies, web <br>beacons, sending data out to outside URLs). The web page would not <br>display with shields up.</p><p>*In payment transactions on multiple other websites I have NEVER had to <br>turn off my 3rd party tracking blockers.**<br>*<br>This is disconcerting -- makes me wonder how secure your website is.</p><p>Please consider changing this.</p><p>~~~~~~~~~~~~~~~~~~~</p><p>Also -- although I will never use your Good Therapy Verified Seal widget <br>-- its abilities to collect data for tracking, analysis, and advertising <br>from mental health websites is in very poor judgement. This stops only <br>just slightly short of a HIPAA violation as anyone looking at a <br>therapist's website is certainly considering mental health help. Data <br>from multiple such widgets and trackers across websites is used all the <br>time by 3rd party aggregators to discover the full name and identity of <br>visitors.</p><p>This is disappointing behavior that has lowered my trust in your <br>organization.</p><p>Thanks,<br>Michael Reeder</p><p>~~~~~~~<br><a href="https://mastodon.clinicians-exchange.org/tags/psychology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>psychology</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/counseling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>counseling</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/socialwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialwork</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/psychotherapy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>psychotherapy</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/legal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>legal</span></a> <br><span class="h-card"><a href="https://a.gup.pe/u/psychotherapist" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>psychotherapist</span></a></span> <span class="h-card"><a href="https://a.gup.pe/u/psychotherapists" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>psychotherapists</span></a></span> <br><span class="h-card"><a href="https://a.gup.pe/u/psychology" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>psychology</span></a></span> <span class="h-card"><a href="https://a.gup.pe/u/socialpsych" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>socialpsych</span></a></span> <span class="h-card"><a href="https://a.gup.pe/u/socialwork" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>socialwork</span></a></span> <br><span class="h-card"><a href="https://a.gup.pe/u/psychiatry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>psychiatry</span></a></span> <a href="https://mastodon.clinicians-exchange.org/tags/mentalhealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mentalhealth</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/psychiatry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>psychiatry</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/healthcare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>healthcare</span></a> <br><a href="https://mastodon.clinicians-exchange.org/tags/HIPAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HIPAA</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataprotection</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <span class="h-card"><a href="https://a.gup.pe/u/infosec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>infosec</span></a></span> <a href="https://mastodon.clinicians-exchange.org/tags/doctors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>doctors</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/hospitals" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hospitals</span></a> <br><a href="https://mastodon.clinicians-exchange.org/tags/BAA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BAA</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/businessassociateagreement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>businessassociateagreement</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/patientprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patientprivacy</span></a> <a href="https://mastodon.clinicians-exchange.org/tags/goodtherapy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>goodtherapy</span></a><br>.<br>.<br>NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can subscribe at <span class="h-card"><a href="https://mastodon.clinicians-exchange.org/@PsychResearchBot" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>PsychResearchBot</span></a></span></p>
Steve Dustcircle 🌹<p><a href="https://masto.ai/tags/Biden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Biden</span></a> administration proposes to strengthen <a href="https://masto.ai/tags/patientprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patientprivacy</span></a> for those seeking <a href="https://masto.ai/tags/abortions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abortions</span></a><br><a href="https://ohiocapitaljournal.com/2023/04/13/biden-administration-proposes-to-strengthen-patient-privacy-for-those-seeking-abortions/?eType=EmailBlastContent&eId=1bebe564-7230-4e54-b5ea-bdbda2003179" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ohiocapitaljournal.com/2023/04</span><span class="invisible">/13/biden-administration-proposes-to-strengthen-patient-privacy-for-those-seeking-abortions/?eType=EmailBlastContent&eId=1bebe564-7230-4e54-b5ea-bdbda2003179</span></a></p>
Wanda Whitney<p>Hmmm. Guess I should've known. "Every hospital in America promises to protect the privacy of its patients and the details of their medical care. And almost every one of them uses sophisticated data tools to track and share the personal information of visitors as soon as they start clicking on their websites." Article from Stat News: <a href="https://www.statnews.com/2023/04/03/hospitals-hipaa-health-data-pixel-tracker/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">statnews.com/2023/04/03/hospit</span><span class="invisible">als-hipaa-health-data-pixel-tracker/</span></a></p><p><a href="https://blacktwitter.io/tags/Hospital" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hospital</span></a> <a href="https://blacktwitter.io/tags/Data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Data</span></a> <a href="https://blacktwitter.io/tags/Tracker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tracker</span></a> <a href="https://blacktwitter.io/tags/PatientPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PatientPrivacy</span></a> <a href="https://blacktwitter.io/tags/DataSharing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataSharing</span></a> <a href="https://blacktwitter.io/tags/TargetedAds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TargetedAds</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload