As someone who works in a startup in the healthcare space, I will point out that nobody lets health startups off the hook for HIPAA. You don’t get to be sloppy with people’s protected health information just because it makes your life easier.
I'm sorry but I don't see a comparison between what people willingly post online to public forums compared to their personal health ledger... it's not apples to apples
The content of the data is not the issue. The point is that society has decided to pass a law stating that certain data needs to be treated a certain way or there are serious penalties because of past abuses. We in the US take for granted that this law exists, but there was much complaining in the medical establishment about how burdensome it is to them conducting their work because of all the extra protections it required. This was especially true in biomedical research where patient data was pretty carelessly treated in many cases. Not because the people involved were bad people, but because society as a whole had not thought through the consequences of walking around with an unencrypted list of cancer patients on a floppy disk.
I don't see a comparison between what people willingly post online to public forums compared to their personal health ledger
There is, or at least there was, a Facebook project for exactly that [1]
The thing is that none of those "anonymized" subjects would have ever been asked for consent if they really knew about the consequences.
Such behavior has really, really bad real world implications: When I got a knee operated on, one of the questions on the questionnaire you need to fill out is if you agree that your data can be shared in anonymous form for research. At that point (and given that this was a fairly benign condition) I didn't see a problem with consenting.
After that revelation about what Facebook was up to, my answer in the future is a clear NO!
Facebook handling medical data. What could ever go wrong with that?