256
How is that not a HIPPA violation?
Ooh, I actually know this one!
HIPAA applies to personally identifiable information that links the patient to the medical data. It can be shared if the patient has been obfuscated enough to not be personally identifiable, but the interpretation of that can be pretty broad.
For instance, I can say something like in the Generic County area, there is a predominance of [Disease] among the [Race] community. This was found to be 10% higher in non-citizens of that race. Of patients surveyed, 40% were noncitizens. It was also noted that the Generic Neighborhood displayed a 15% higher rate than the average for this disease.
No single person is identified, but I can narrow down a target audience to a specific neighborhood and ethnicity if I’m an advertiser. This same information can then be used maliciously to infer that the Generic Neighborhood likely has a population of illegal immigrants living there.
When combined with the other data they collect on people, they can likely narrow it down to individual people and homes.
What HIPPA says I can’t say is “Juan Lopez is an illegal Mexican immigrant with gastroparesis.” It was a law designed before the current AI data bullshit, and it needs to be updated to be a lot stronger to provide the protection it is supposed to provide.
So aggregate data is fine but personally identifiable data is not. Cool… TIL.
Yes.
This is why people have been screaming about 'its only your meta data we are sharing' being a crock of horseshit for over a decade now, because meta data + data analysis = very high confidence of actual PII.
But we didn't listen to those paranoid nerds, so now we live in hell.
Oh also literally every company or organization does this with all the data they can legally (or sometimes illegally) do this with.
They get a slap on the wrist, sometimes... data is very profitable.
Oh and Palantir has all of this kind of data, if that makes you feel better.
Old internet addage: If you're getting something for free, you are the product.
Oh oh bonus:
The laws around this will never change unless basically everyone in the country with a net worth of ~$250 million or greater suddenly dies.
Uhm, yes but.. this is simpler.
The financial transaction of purchasing a health plan is not regulated under HIPPA. Only the claims within that organization associated with treatment.
The original Bloomberg article is quite informative.
California was the only state in Bloomberg’s review that did not use advertising trackers, having removed them last year after being informed of the security risk by nonprofit news organizations CalMatters and The Markup. A separate Markup analysis of 19 state sites last year also flagged data exposures in several states that later changed some of their settings.
According to Edwards, one reason so many websites continue to share sensitive user data is that website operators deploy tracking tools without fully understanding how they work. “The onus is on them to do it safely,” he said. “You can’t protect something that you don’t understand.”
If anyone has looked into Google ads at all, the first thing they try to get you to do is install a bunch of trackers on your website. In order to do that you have to check a box that says you have a privacy policy which discloses certain information. If you try to tell them you do not have that and do not want to do tracking they will outright lie about what they are getting you to do. They tell you to just check the box and that it doesn't matter and then will tell you that it doesn't track anything. One would hope that the people doing these sites for the government would know better, but they may also just not care. They may just be using a standard SEO suite and no one bothered to mention that maybe they shouldn't on either the government side or the company side.
What the hell is a healthcare marketplace?
Its the place where you go in capitalism land to pick your favorite brand/flavor of subscription payment plan for the ability to not die from an injury or health condition, but instead become chronically impoverished, or become a functional indebted slave laborer.
You forgot the bit where the subscription plan refuses to pay for the care you received.
Right.
Throw 'fradulent' in as an adjective before 'subscription payment plan'.
Thank Switzerland for this wonderful idea
Race data... only in USA and ww2 nazi germany
There are plenty of legitimate reasons to gather racial data. Knowing that black Americans are more susceptible to high blood pressure isn't racist.
That's not what's fucking going on here and you know it
There is only one human race.
this post was submitted on 04 May 2026
256 points (99.6% liked)
Technology
85016 readers
3245 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS