Erin McCann writes:
Sure, HIPAA adds a layer of privacy protection for certain health data — if organizations actually comply with it — but there remains myriad avenues of mining health data and selling to the highest bidder that do not fall under the purview of HIPAA’s privacy and security rules. And they may surprise you.
Anything from what health data one Googles, to what medical products you purchase through online retailers are fair game for data brokers. What’s more, these companies are not liable under HIPAA and are able, without an individual’s consent, to track and collect health data for various purposes, says a new July report from the California Healthcare Foundation.
Often unknown by consumers, data elements including Googling for health data; using medical-related social networks; purchasing health products through online retailers; entering retail store preferences and locations into smartphones; or even buying any item related to health like fast food and cigarettes, can all be tracked.
Read more on HealthcareITNews.