I think there's misconceptions, trust being put in the wrong place, unawareness involved, or simply they don't think it through, rather than not caring (anectodal/IMO). E.g. "I don't have anything to hide, so what if they collect everything".

If we could build a tool to gather such info, that's easily accessible and for free, to show all the data available on you in the marketplace - that might make them uncomfortable. And then perhaps they'll start to try and understand why they're uncomfortable, and why this is bad.

I feel like there needs to be an incentive in mind for those apps to bring in ppl. People care about privacy but won't even delete FB, let alone use a different messaging app

What's your experience with using mysudo/voip numbers in terms of services accepting them (e.g. Google)? And socially, can you do regular calls with these numbers? Any audio delays?

What do you do wrt vegetables? I always end up using those thin plastic bag to wrap them, even uf I bring a big reusable bag to carry it all out

Hypothetically, they can ask for consent from patients, with some form that allows investigative agencies to access contact information of patients for such cases. I think there are other options other than sending it without consent and even the knowledge of the patients.

Awesome, thank you for pointIng out the issue with the previous one!

Changed the title, not sure how to balance "meant to make it easier to share between organizations (gov included)" and the misconception thay it is a privacy oriented regulation

From what I understand from the video and the regulation definition under Health Care Operations there are many ways for the provider to share the data without consent (page 2: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/coveredentities/sharingfortpo.pdf).

“Health care operations” are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment. These activities, which are limited to the activities listed in the definition of “health care operations” at 45 CFR 164.501, include: < Conducting quality assessment and improvement activities, population- based activities relating to improving health or reducing health care costs, and case management and care coordination; < Reviewing the competence or qualifications of health care professionals, evaluating provider and health plan performance, training health care and non-health care professionals, accreditation, certification, licensing, or credentialing activities; < Underwriting and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to health care claims; < Conducting or arranging for medical review, legal, and auditing services, including fraud and abuse detection and compliance programs; Business planning and development, such as conducting cost-management and planning analyses related to managing and operating the entity; and Business management and general administrative activities, including those related to implementing and complying with the Privacy Rule and other Administrative Simplification Rules, customer service, resolution of internal grievances, sale or transfer of assets, creating de-identified health information or a limited data set, and fundraising for the benefit of the covered entity.

Is that the first hurdle you were mentioning? I'm just trying to understand where is the restriction of the second hurdle if in 164.506 it says an entity can use the data:

"Use or disclose protected health information for its own treatment, payment, and health care operations activities"

Trying to understand the distinction add have another TIL moment, not aeguing against the comment

I guess there's some deminishing returns if the data gets distributed to too many entities

Although there are dumb phones out there

For me it's: Inciting violence, justifying conspiracy theories, Trump becoming president

If each chat connection gets a unique ID and zero info on my [pseudo]identity then that's great! Otherwise if this means they'll plug me into their social network to profile me that way - nah, thanks