Comment by dzdt
7 months ago
Amazing to me that an article like this doesn't have a big section discussing how a provider sharing personal health data without permission is blatantly illegal under the HIPAA act. It only mentions as an aside that there are various related lawsuits.
Covered California's privacy policy explicitly says they follow HIPAA and that "Covered California will only share your personal information with government agencies, qualified health plans or contractors which help to fulfill a required Exchange function" and "your personal information is only used by or disclosed to those authorized to receive or view it" and "We will not knowingly disclose your personal information to a third party, except as provided in this Privacy Policy".
Those privacy policy assertions have been in place since at least October 2020, per the Internet Archive wayback machine record. [2]
[1] https://www.coveredca.com/pdfs/privacy/CC_Privacy_Policy.pdf
[2] https://web.archive.org/web/20201024150356/https://www.cover...
Companies outright lie in their privacy polices all the time. The legal risk in doing so is basically zero because nobody bothers to sue and it's impossible to show damages.
> Amazing to me that an article like this doesn't have a big section discussing how a provider sharing personal health data without permission is blatantly illegal under the HIPAA act.
Being really clear, I despise this whole situation. But there's a lot of contortion to get to a government healthcare marketplace being consider a healthcare provider, which has a definition in the law.