The FTC alleged that in two separate incidents, LabMD collectively exposed the personal information of approximately 10,000 consumers.
Universities, government agencies, and private health care entities use such data for research, development and marketing purposes.
[3] Covered Entities In general, U.S. law governing PHI applies to data collected in the course of providing and paying for health care.
Privacy and security regulations govern how healthcare professionals, hospitals, health insurers, and other Covered Entities use and protect the data they collect.
However, obtaining information about the amputation exclusively from a protected source, such as from an electronic medical record, would breach HIPAA regulations.
Cloud computing and other services allow healthcare providers to store vast amounts of data for easy access.
Healthcare providers will often store their data on a vast network of remote servers, proving susceptible to privacy breaches.
Privacy concerns for consumers arise when these technology companies are not considered covered entities or business associates under HIPAA or where the health information collected is not PHI.
Luca Bonomi and Xiaoqian Jiang determined a technique to perform temporal record linkage using non-protected health information data.
Bonomi and Jiang propose using the patient’s non-protected health information data to determine records and establish patterns.
This approach allows the linkage of patient records using non-PHI data, by giving doctors patterns and a better idea of important diagnoses.
In 1996, the Clinton Administration passed the HIPAA Privacy Rule, limiting a physician's ability to arbitrarily disclose patients’ personal medical records.
In a study conducted by Nancy Brinson and Danielle Rutherford, over 90% of consumers were comfortable with the opportunity to share data with a healthcare provider.
However, Brinson and Rutherford claim that consumers fail to make privacy a priority when they choose to share this information.
To combat misuse of PHI on mobile healthcare platforms, Brinson and Rutherford suggest the creation of a policy rating system for consumers.
A rating system, monitored by the Federal Trade Commission would allow consumers a centralized way to evaluate data collection methods amongst mobile health providers.