Facebook users may choose to belong to private or closed groups. Some joined a private group for people having a gene associated with breast cancer – and likely did not want that information publicly shared.
However, a feature of Facebook enabled Chrome plug-ins to harvest the names of members of closed groups.
“A genetic test result like BRCA is protected by HIPAA [the Health Insurance Portability and Accountability Act] and it can’t be shared with marketers, if it is in a medical record. But a social networking site is not covered by HIPAA”
Source: Facebook ‘closed’ groups weren’t as confidential as some thought
The 1996 HIPAA law covered many things, including the privacy of health information. The above shows how marketing firms (and others) strive to discern health information about individuals based on their purchase records, their online group memberships, and online services analyzing our email correspondence. While health care providers and insurers are to adhere to HIPAA privacy rules, once the information is outside these entities, health care information no longer has any protection requirements.
On Monday of this week, Dignity Health of California emailed to me the entire 101 page medical history of one of their patients. Literally, they emailed someone’s entire medical history to a random stranger on the Internet. I have no relationship with Dignity Health.
Searching online I found that HIPAA violations are as common as rain falling in Portland, Oregon. HIPAA seems to be more of a suggestion in terms of how health privacy is abused every day!