Comment by Aurornis

5 months ago

> The rules should apply to the ones foisting this system upon us as well. This is probably the only way to make anyone in power reconsider current setup.

Unless your problem is with the company doing the privacy violations, this doesn’t make any sense.

Pretty much all companies are doing the privacy violations. You think your doctor's office doesn't sell their contact list?

  • Where I live, which is not in the USA, I'm confident my doctor's office doesn't sell their contact list - or at least, not without statistical anonymisation and aggregation for research purposes.

    They probably outsource processing the data and storing it to other entities, but that will be under contracts which govern how the data may be used and handled. I assume that's not what "sell the data" means in this conversation.

    It would be such an egregious violation of local data protection law to sell patient personal details for unrestricted commercial use, including their contact info, and it would make the political news where I live if they were found out.

    • Here in NL my local doctor's office just delegates their IT to some US-based company. I doubt they take privacy seriously. Their whole security is a joke, but they make a theatre out of it to give an impression otherwise.

      EU law means little in this respect, since it's not enforced and most people don't understand enough on the subject to even evaluate what's going on with their data (or their clients' data).

    • Also "not in the USA": I actually work on a medical-ish application these days (not the in-production version, mind, but a fork with new features that's entirely separate at the moment).

      I have access to ... zero patient data. Our entire test database is synthetic records.

  • HIPAA is pretty much the only halfway effective privacy regulation the US has. It imposes strong regulatory, licensure, and even criminal censure for violations.

    It's formulated so that they can give those contacts away rather than sell them, but only to the rest of the medical goods & services supply chain that are involved in your care, who are also bound by HIPAA.

    The worst dark pattern this has generated so far seems to be pharmaceutical company drug reps bribing your doctor to change what they would prescribe you.

    The worst that's likely to happen without regulation, as far as I can tell, involves an associated provider just leaking UnitedHealthcare's full database of every patient and every condition.

  • In my country (and I suspect most Western countries) my doctor would lose his medical licence for selling my contact information.