HIPPA - privacy. Is this coercive violation of our rights?

Posted by rsfcowgirl @rsfcowgirl, Sep 20, 2023

A very well known and helpful non profit, independent medical support association hold conferences, provide assistance, etc to a group of people within a certain diagnosis. They have no medical equivalent for what they offer.
In order to even access their on line conferences, they require you to provide detailed private personal and medical information. This includes but is not limited to full name, physical address, age, role (patient, caregiver etc), diagnosis (medical distinguishing type of), date of dx, stage, type of tx, status of treatment and more.
You CANNOT participate with them unless you provide all required information.
I submitted all of this extremely reluctantly. But had 2nd thoughts. I rescinded my permission for them to retain my data and therefore am unable to access any information or services or benefits.
They are DATA MINING people and to do so they coerce them to relinquish their HIPPA rights and protections in order to access information and participate with similarly situated co- suffers, IMO.
What are your thoughts?
Do you think this is a serious matter?
Do you think this should be prohibited regardless of whether HIPPA is construed to apply to them or not?

Interested in more discussions like this? Go to the Just Want to Talk Support Group.

WOW! I worked in the medical field for years and remember when the HIPPA Act came into effect. I agree with you about rescinding your info to this organization. You were wise. That's scary. Hugs & Prayers....

REPLY
@covidstinks2023

WOW! I worked in the medical field for years and remember when the HIPPA Act came into effect. I agree with you about rescinding your info to this organization. You were wise. That's scary. Hugs & Prayers....

Jump to this post

I very much appreciate your response. I notified the association of my objection and views. I'm going to decide what, if anything, I should do about the issue to formally address the actual process they require after I get a general consensus of views. If you have further thoughts, please share then with me. Blessings.

REPLY

@rsfcowgirl I would be interested to hear what their response might be if you ask them "why all the information required?"
-Are they attempting to block anyone from accessing information they want to be the only ones to parcel out?
-Are they creating a database for targeted marketing?
Ginger

REPLY
@rsfcowgirl

I very much appreciate your response. I notified the association of my objection and views. I'm going to decide what, if anything, I should do about the issue to formally address the actual process they require after I get a general consensus of views. If you have further thoughts, please share then with me. Blessings.

Jump to this post

I can only tell you what I would do.
I would report them to;
OCRCompliance@hhs.org

If there is truly a violation they will deal with that and you will have saved someone else.

REPLY
@auntieoakley

I can only tell you what I would do.
I would report them to;
OCRCompliance@hhs.org

If there is truly a violation they will deal with that and you will have saved someone else.

Jump to this post

Key action to take. Thank you very much for the information.

REPLY

The abbreviation is HIPAA. Here is the website if anyone is interested in reading about this federal policy:

HIPAA Home/US Department of Health and Human Services:
https://www.hhs.gov/hipaa/index.html

REPLY
@gingerw

@rsfcowgirl I would be interested to hear what their response might be if you ask them "why all the information required?"
-Are they attempting to block anyone from accessing information they want to be the only ones to parcel out?
-Are they creating a database for targeted marketing?
Ginger

Jump to this post

They are data mining a wide range of information from people from the public they are not entitled to have and would otherwise not have access to. They want it for their own use, sale, leverage, etc. This org is large, professionally connected and heavily funded, including from research sources. They are quite legitimate. But they use people falling under their scope of focus as a data farm in exchange for information and the ability to connection with others. They DO provide valuable assistance, direction and information. But recipients pay a high cost for it. Some may not mind. But I'm not one of those people, at this point. I hit my threshold when they required downloading a funky 2nd rate app right before the conference, and having to provide certain information to also this 3rd party in order to view a conference. After I begrudgingly did even that, creating an account with them too, I still couldn't view. The org didn't provide a link. They passed access off to an online service where you needed to provide addtl disclosure + establish another acct with them. They sprung this on registrants at the last minute- slightly before the long promoted conference started! A final hoop at the last minute. More data given to some unknown online app service. I realized my personal+ medical data is the price of admission. And I don't like it. I want this type of coercive privacy violation stopped. It's a form of abuse of sick people, many without hope or options. It's exploitation. It's offensive to me. We're sick and many, dying people. We're not 'data' in a data farm. I felt desperate when I first had contact with them, as many do. But now I feel somewhat preyed upon and it doesn't feel good. If they get a penny of federal funding, which they likely do, they will be accountable for their approach of withholding their help and new medical knowledge from desperate people unless the people surrender extensive personal and medical privileged information ...aka DATA.

REPLY
@rsfcowgirl

They are data mining a wide range of information from people from the public they are not entitled to have and would otherwise not have access to. They want it for their own use, sale, leverage, etc. This org is large, professionally connected and heavily funded, including from research sources. They are quite legitimate. But they use people falling under their scope of focus as a data farm in exchange for information and the ability to connection with others. They DO provide valuable assistance, direction and information. But recipients pay a high cost for it. Some may not mind. But I'm not one of those people, at this point. I hit my threshold when they required downloading a funky 2nd rate app right before the conference, and having to provide certain information to also this 3rd party in order to view a conference. After I begrudgingly did even that, creating an account with them too, I still couldn't view. The org didn't provide a link. They passed access off to an online service where you needed to provide addtl disclosure + establish another acct with them. They sprung this on registrants at the last minute- slightly before the long promoted conference started! A final hoop at the last minute. More data given to some unknown online app service. I realized my personal+ medical data is the price of admission. And I don't like it. I want this type of coercive privacy violation stopped. It's a form of abuse of sick people, many without hope or options. It's exploitation. It's offensive to me. We're sick and many, dying people. We're not 'data' in a data farm. I felt desperate when I first had contact with them, as many do. But now I feel somewhat preyed upon and it doesn't feel good. If they get a penny of federal funding, which they likely do, they will be accountable for their approach of withholding their help and new medical knowledge from desperate people unless the people surrender extensive personal and medical privileged information ...aka DATA.

Jump to this post

You said, "They are data mining a wide range of information from people from the public they are not entitled to have and would otherwise not have access to."

But, who decides what information people are entitled to collect?
We have no national "Privacy Policy" or "Privacy Law." HIPAA does not apply in this situation because the organization is not either a Health Insurance Company nor a Health Care Provider (nor a Clearinghouse for either one.)

Can you imagine what would be involved in crafting a national Privacy Law, defining every circumstance to which it would apply, aligning it with state and local regulations, and enforcing it?

For example, how would this align with state drivers' licenses requiring corrective lens restrictions, and medically required driving restrictions? Or with the FAA denying pilot licenses to people with uncontrolled seizure disorders? Or schools needing to know about students with Type 1 diabetes requiring staff monitoring?

When you say "I realized my personal+ medical data is the price of admission. And I don't like it. I want this type of coercive privacy violation stopped..." you need to realize this is not coercive, it is voluntary. The organization has the right to allocate its resources in a way that 1)Reserves it to those most in need of their services and 2)Gives them some sort of "payment" in exchange for their service.

Finally, did you read all the "fine print" they included? I am sure that somewhere within it there was a statement similar to "your personal identifying information will not be shared outside this organization" or something similar.

So, what prevents getting our sensitive information disseminated into the wrong hands? Our personal vigilance. All that said, like you, there are times I have declined to participate in many events because I was not willing to share personal medical, financial or social information.

Did you communicate your outrage directly to the organization? If so, what was their response? That is the best way to register you complaint where it can do the most good.
Sue

REPLY
@sueinmn

You said, "They are data mining a wide range of information from people from the public they are not entitled to have and would otherwise not have access to."

But, who decides what information people are entitled to collect?
We have no national "Privacy Policy" or "Privacy Law." HIPAA does not apply in this situation because the organization is not either a Health Insurance Company nor a Health Care Provider (nor a Clearinghouse for either one.)

Can you imagine what would be involved in crafting a national Privacy Law, defining every circumstance to which it would apply, aligning it with state and local regulations, and enforcing it?

For example, how would this align with state drivers' licenses requiring corrective lens restrictions, and medically required driving restrictions? Or with the FAA denying pilot licenses to people with uncontrolled seizure disorders? Or schools needing to know about students with Type 1 diabetes requiring staff monitoring?

When you say "I realized my personal+ medical data is the price of admission. And I don't like it. I want this type of coercive privacy violation stopped..." you need to realize this is not coercive, it is voluntary. The organization has the right to allocate its resources in a way that 1)Reserves it to those most in need of their services and 2)Gives them some sort of "payment" in exchange for their service.

Finally, did you read all the "fine print" they included? I am sure that somewhere within it there was a statement similar to "your personal identifying information will not be shared outside this organization" or something similar.

So, what prevents getting our sensitive information disseminated into the wrong hands? Our personal vigilance. All that said, like you, there are times I have declined to participate in many events because I was not willing to share personal medical, financial or social information.

Did you communicate your outrage directly to the organization? If so, what was their response? That is the best way to register you complaint where it can do the most good.
Sue

Jump to this post

First, this was a medical diagnosis- based-conference. In person and virtual. There is no allocation of resources issue. They are a funded non-profit for this medical condition. They chose not to charge money for watching a conference and giving same-diagnosed people + others the ability to connect if they wished to. There is no comparison to govt services you compared this with. You WERE REQUIRED to answer EVERY PERSONAL AND MEDICAL QUESTION in order to register. They are not healthcare providers! They are an information and support NGO.
In fact, the 'fine print' stated you also release your information, publication of your image ( if captured at the conference or on Zoom ( Zoom was previously the app) and more. And without compensation or permission required.
Yes, l communicated my outrage directly and informed them I withdraw permissions for retention +/or sharing of any + all of my data inc that which may be held in 3rd party databases. I expressed to them exactly my position as I stated here. I added I recognize they do much good but they demand too much in exchange --- submission of extensive personal+ medical data, some of which goes to 3rd parties.
What my view is that they are compiling a database for their own general disease- specific research as well as compling for a pool of potential subjects for emerging medical trials. But whatever the reason, I object to being required to disclose extensive personal and medical information AS A REQUIREMENT to view a medically related informational conference on a medical condition by a non- profit group that's open to the public. It's unrestricted, unlike some actual medical conferences for medical professionals which only require your name and license, or other purpose such as media. HOWEVER, you MUST submit all their required information. You, Sue, are free to have the view they have the right to proceed this way. I don't agree because they are funded and function as an NGO- a medical non profit - tax exempt- agency. I believe they overreach their purpose, and the manner in which they do it, imo, is coercive and imposes unnecessary obstacles to access of information, which is their mission.
This referred situation is SOMEWHAT analagous to being required to submit a detailed form starting w name, DOB, street address, dx, date of dx, stage + type of tx before you can read the article posted on this forum by the Mayo Clinic Dr on the Glimmer of Hope for PASC ( Long Covid) and read and respond to the posts of others. Even this is not an equivilent analogy is because Mayo Clinic is a MEDICAL entity. That makes all the difference.

REPLY
@rsfcowgirl

First, this was a medical diagnosis- based-conference. In person and virtual. There is no allocation of resources issue. They are a funded non-profit for this medical condition. They chose not to charge money for watching a conference and giving same-diagnosed people + others the ability to connect if they wished to. There is no comparison to govt services you compared this with. You WERE REQUIRED to answer EVERY PERSONAL AND MEDICAL QUESTION in order to register. They are not healthcare providers! They are an information and support NGO.
In fact, the 'fine print' stated you also release your information, publication of your image ( if captured at the conference or on Zoom ( Zoom was previously the app) and more. And without compensation or permission required.
Yes, l communicated my outrage directly and informed them I withdraw permissions for retention +/or sharing of any + all of my data inc that which may be held in 3rd party databases. I expressed to them exactly my position as I stated here. I added I recognize they do much good but they demand too much in exchange --- submission of extensive personal+ medical data, some of which goes to 3rd parties.
What my view is that they are compiling a database for their own general disease- specific research as well as compling for a pool of potential subjects for emerging medical trials. But whatever the reason, I object to being required to disclose extensive personal and medical information AS A REQUIREMENT to view a medically related informational conference on a medical condition by a non- profit group that's open to the public. It's unrestricted, unlike some actual medical conferences for medical professionals which only require your name and license, or other purpose such as media. HOWEVER, you MUST submit all their required information. You, Sue, are free to have the view they have the right to proceed this way. I don't agree because they are funded and function as an NGO- a medical non profit - tax exempt- agency. I believe they overreach their purpose, and the manner in which they do it, imo, is coercive and imposes unnecessary obstacles to access of information, which is their mission.
This referred situation is SOMEWHAT analagous to being required to submit a detailed form starting w name, DOB, street address, dx, date of dx, stage + type of tx before you can read the article posted on this forum by the Mayo Clinic Dr on the Glimmer of Hope for PASC ( Long Covid) and read and respond to the posts of others. Even this is not an equivilent analogy is because Mayo Clinic is a MEDICAL entity. That makes all the difference.

Jump to this post

I reiterate that, however distasteful their policy is to you and me, they are not violating any laws. As long as they disclose their policies in advance there is no fraud or deception involved. As long as they are not one of the groups covered by HIPAA, they are not governed by its requirements.

NGO's and non-profits, even those organized around a health condition, or possibly receiving government funds, do not have any special restrictions under the Internal Revenue Code or other Federal regulations, except as may pertain to how they use a specific grant or source of funding.

If you are convinced this needs to change, you might wish to begin by consulting with one of the many privacy rights advocacy organizations to find out how you can help initiate new laws or regulations.

And we can respectfully agree to disagree on this matter.
Sue

REPLY
Please sign in or register to post a reply.