223
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Twelve of the largest drug stores in the U.S. sent shoppers’ sensitive health information to Facebook or other platforms.

you are viewing a single comment's thread
view the rest of the comments
[-] odbol@kbin.social 14 points 1 year ago

How is this not a HIPAA violation?

[-] Kerrigor@kbin.social 6 points 1 year ago

It is. Pharmacies like CVS fall under covered entities, and must adhere to HIPAA regulations.

[-] Yendor@reddthat.com 4 points 1 year ago

The article discusses this.

In these cases, a pixel on the pharmacy website is being downloaded by your IP address. I don’t think there’s anything there would constitute PHI (Protected Health Information) under HIPAA.

In isolation, this data means nothing. But these massive companies can easily link an IP address to a person. And each pixel has a different URL, which identifies what page is calling it (eg, the page that says you’ve added an HIV test to your cart).

The results of the test would be covered by HIPAA, as would any test administered by a doctor or in a hospital setting. But in a pharmacy only prescriptions are covered by HIPAA - anything non-prescription is unprotected.

[-] plz1@lemmy.world 1 points 1 year ago

So if you're privacy conscious and using something like NextDNS to block pixels and other shady tracking mechanisms at the DNS level, all's good? When I left Facebook back in 2016, I started with Pihole, but I like NextDNS because it's easier to use when not at home and I can manage profiles for family members easily in case to do find something they "need" to work. Why people willingly want to see ads is beyond me.

[-] Yendor@reddthat.com 2 points 1 year ago

It’s hard to say, but basic precautions like a browser based ad blocker would filter out probably 90%+ of this tracking. Firefox and Safari even have this baked in to the browser, you just need to turn it on.

[-] plz1@lemmy.world 1 points 1 year ago

The built in “do not track” features require companies to operate in good faith and honor that. I have zero trust In that.

[-] Yendor@reddthat.com 1 points 1 year ago

I’m not talking about “Do Not Track”. I’m talking about features like this:

https://support.mozilla.org/en-US/kb/trackers-and-scripts-firefox-blocks-enhanced-track

It’s a Firefox setting that specifically blocks pixels and cross-site cookies. It’s turned on by default, and you can increase it to “strict” if you value privacy over comparability.

[-] plz1@lemmy.world 2 points 1 year ago

Ah, wasn't aware of that one. Thanks for the info.

[-] Granite@kbin.social 1 points 1 year ago

HIPAA requires you to know about it to make a complaint. Also, corporations may not count as healthcare providers, so they sneak through a loophole.

[-] tal@kbin.social 6 points 1 year ago* (last edited 1 year ago)

None of this is correct. HIPAA obligations are not contingent on a complaint, and being incorporated absolutely is not incompatible with being a healthcare provider.

this post was submitted on 05 Jul 2023
223 points (98.3% liked)

Technology

59094 readers
3158 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS