
I've lost track of how many times I've said this on HN:

We need HIPAA for all personal information, not just medical. We have an expectation of privacy in being "lost in the crowd" when we're out and about. Our physical & online whereabouts, who we're physically with, who we're communicating with, our personal contact information, and obviously payment information is private information that can be harmful if not kept private (false positives in automated legal systems, identity theft, and including all the defenses of securing medical information).

Anybody who chooses to hold such information must regard it with a high level of respect and privacy. Since nobody is doing so, and there are no penalties for violating privacy, and this gets into fundamental rights and proper functioning of society, it seems applicable to federal law.

HIPAA does not make your medical information private; it makes it Portable. Whether it has improved the protection of your digitized medical records is debatable, but it definitely forced almost every industry remotely related to medical care (and some previously unrelated industries) to digitize their records and share them.

Sure, paper medical records suck and aren't inherently more or less secure, but no one breaks into a car and runs away with 500 patients' medical histories when each patient's record fills pages, folders, or filing cabinets, rather than bytes on a hard drive (or even better, it slips away through a network connection that no one in the hospital even knew existed thanks to a back door on a piece of medical equipment).

HIPAA largely means that your medical information has been outsourced to whatever software/network/hardware provider claimed they could do the job (and whoever they outsourced the job to in some cases). If you don't sign whatever HIPAA agreement(s) your provider puts in front of you, chances are they can't treat you, so what choice do you really have?

Do you really think HIPAA is the only reason medical providers are going digital?

>We need HIPAA for all personal information, not just medical.

The UK has the Data Protection Act which does some of this.

One radical option would be to grant people copyright over their own PII (with about a billion caveats to allow journalism etc.)

>with about a billion caveats to allow journalism etc.

Then you'd just see setups like the financial industry has. You get analysts, call them journalists, and have people subscribe to your publication. The journalists go get insider-ish tips and 'publish' them to a select group of followers.

With laws like that you'd just hire a full time business analytics journalist to cover your store.

Who is this we? America opted out of the OECD privacy framework.
