That’s from 2006, and things haven’t improved. As we noted last month, even something as innocuous as your Fitbit is fair game for data hunters. Fortunately, the folks behind that product have voluntarily agreed to comply with (some?) HIPAA privacy regs.
On the other hand, the bigger picture is much less sunny:
This can lead to unfortunate consequences, primarily because the government agencies responsible for enforcing HIPAA’s privacy regs don’t have much authority to do so:
“A 2009 law called on HHS to work with the Federal Trade Commission … to submit recommendations to Congress within a year on how to deal with entities handling health information that falls outside of HIPAA. Six years later, however, no recommendations have been issued.”
Shocking, I know.
The bottom line is that, at this point, a lot of our ostensibly private health info is potentially freely available to any number of government agencies, vendors, even fellow consumers:
“Part of the lab’s website address caught her attention, and her professional instincts kicked in. By tweaking the URL slightly, a sprawling directory appeared that gave her access to the test results of 6,000 people.”
How many others are out there?