- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
Twelve of the largest drug stores in the U.S. sent shoppers’ sensitive health information to Facebook or other platforms.
Twelve of the largest drug stores in the U.S. sent shoppers’ sensitive health information to Facebook or other platforms.
How is this not a HIPAA violation?
It is. Pharmacies like CVS fall under covered entities, and must adhere to HIPAA regulations.
HIPAA requires you to know about it to make a complaint. Also, corporations may not count as healthcare providers, so they sneak through a loophole.
None of this is correct. HIPAA obligations are not contingent on a complaint, and being incorporated absolutely is not incompatible with being a healthcare provider.