If your friend tells you they have a disease, and you tell someone else, are you breaking HIPAA? No.
In order to break HIPAA you have to first be a covered entity. An example of a covered entity is a Doctor (or provider).
If you tell Google or Facebook that you have some kind of condition, that information is not covered by HIPAA because they are not a medical provider, and therefore have no legal obligation to keep that information private.
If Google or Facebook were being used by your doctor's office or something, then they would need to comply with HIPAA, but it doesn't seem like this is the case here.
source for what OP is talking about: https://privacyruleandresearch.nih.gov/pr_06.asp
> The Privacy Rule applies only to covered entities. Many organizations that use, collect, access, and disclose individually identifiable health information will not be covered entities, and thus, will not have to comply with the Privacy Rule.
The GDPR is a very broad axe, for an organization that isn't a federation and doesn't have a real federal government, the way the US does. The US has legal options and a legal framework that we don't have.
What’s interesting here is: I don’t know much about HIPAA, but I know a bit about the increasing regulation of health apps in the EU. The law is a bit muddy. But you could argue that apps, which gather health data and apply some kind of algorithm to it that helps you understand your body in a better way, fall under the coming Medical Device Regulation. This law will be effective in May 2020.
I would certainly hope they do fall under that regulation. Otherwise, I can certainly see a few developers manipulating their algorithms for health apps in a way to change people's behaviors in order to reinforce some belief the app developer may have.
Could you clarify here? It sounds like there's a sub-text, but I apparently lack the context to "get it".
It would be to allow you to see what the apps are doing, and prevent them from doing what you don't approve of. Including apple apps.
It could be as simple as: prevent this app from using the network.
Furthermore, what if the app tells me that it needs network access to get calendar info or something along those lines - and then actually uses the network for that -, then subsequently uses the network access to siphon off my personal info? Certainly if you had the ability to "see" what an app is doing, you might be able to catch that, but that's well beyond the grasp of most users. Better to be able to inherently trust the app because it was built by a trusted 3rd party. Certainly I agree that it would be nice to be able to disable network access to any app I felt like though.
But, most people on HN don’t seem to understand Apple’s priorities. This is how it should be.
iOS really doesn’t trust third party keyboards.
How do you deny an app network access and allow it to share your data across your own devices? With your partner?
Would you also like to give third party apps access to your biometric data? Your password storage?
commenting only the technical aspect, without suggesting anything is or is not a good idea, apple's operating systems could offer a service whereby apps could hand over data to the OS which it would save to icloud on their behalf, and hand back to only that app or other instances of it (as determined by the user). that, plus normal networking denied to the app would do the job nicely.
That's not what our devices should be, but that's the reality we live in. These devices aren't for us, they are to enable other companies to use us.
Purism Librem 5: https://puri.sm/products/librem-5/
Now that Steam, WINE, and Proton are working reasonably well on a couple of major Linux platforms (Fedora, Ubuntu, and the Arch folks), there really isn't anything my Linux desktop can't do; gaming was the only holdout and that's mostly solved.
Graphics drivers, like the open AMD drivers and Nvidia's binary blob, are decent too.
There are a number of apps that don’t let this information leave your device at all, or end-to-end encrypt it. You just have to find them.
At the phone level, there are still opaque binary blobs, so don't trust blindly.
It's part of why I avoid apps whenever possible. I only install an app if it's a service I really need and there is no other way to use it, e.g. via the web. Web sites can still track but they can't suck location data, sensor data, etc.
However, the cycle tracking capabilities of iOS 13 are fine as a replacement for simple menstrual cycle trackers, but it's too simple to replace more sophisticated cycle trackers that also allow you to track more body signals such as the temperature.
I can't say I'm a huge fan of being locked into the ecosystem, however I am relieved to hear that my privacy is actually cared for.
After I found out that tracking the weight and my tooth brushing habits only works if I share the data with a central server, I now basically have a regular electric toothbrush and body balance.
I find tracking weight still invaluable so I get along with it but was also disappointed to learn I needed to send everything their way.
I wonder if it would be possible/legal to intercept the requests from the device and route them to a local server implementing the same API endpoints.
> “Changes to your cycle, or abnormalities—like irregular or heavy bleeding, or severe pain—can all signal issues that benefit from medical evaluation,” says Rashmi Kudesia, MD, reproductive endocrinologist and clinical assistant professor of obstetrics and gynecology at Houston Methodist. “If something suddenly changes with your cycle, or your period is late, you may not realize it right away if you’re not keeping track.”
> If you do keep track, it will be easier to head to your gynecologist if funky stuff starts happening—and easier for them to find out what's going on. Dr. Kudesia also mentions tracking your cycle can be helpful in pinpointing your fertility window and making small lifestyle changes around the time of your period (scheduling extra downtime to combat your low energy, or being mindful of your eating habits when your cravings are in full swing). 
Data from those apps is really valuable from a marketing perspective.
The case with least value is selling it to P&G or whoever just to track how much market share they have.
If you put a tracker on it (facebook, for example) you can build a custom audience on top of it and promote/sell whatever you want related to reproductive health and/or sexuality. Not just women.
You could be a little evil and sell women tampons before they have menstruation.
You could be evil and build a custom Facebook audience with users from your app and make money selling them stuff using a retargeting bid (since they are part of your audience).
Or you could be very evil and target partners of women who ceased to use your app for more than, say, 3-4 months and show ads for DNA paternity tests (which you don't sell, but someone else does and gives a referral fee for it).
Or you could be very, very evil and build an audience around partners of women who might be pregnant, capture the clicks to build another audience (this time yours) and sell porn, tinder, dating/e-whoring, and divorce advice for a fee. Will work because this is a retargeting list (you already marked them as your customers, so bidding will be low for the ads).
Maybe FB audiences should be made public, or you're told if you're in one. It seems a lot more invasive than other Ads software I've looked into (from the perspective of what you could do).
Going beyond that, we use Kindara and see a lot of women turning it into a generic key-value habit/mood/reminder tracker with emojis, etc. So it has value beyond just health.
One has to know when to carry additional supplies beyond the gifter spare and the emergency personal reserve tampons. And when to wear different underwear. And when not to schedule dates. And when to buy chocolate. And when pregnancy is more likely. And when pregnancy is less likely. And when to eat liver. And when to buy analgesics. And when to make travel plans and hotel reservations, and when to not go anywhere for any reason.
All extremely useful to replenish lost blood.
Am I missing something?
That's an average.
Almost all the women I have known occasionally complain about a "heavy month" every now and then. That can be either excessive bleeding in terms of volume lost over a normal time or an excessive time length of bleeding.
And, a 90lb female losing even 200ml of blood is going to feel effects far more than a 250lb male losing 500ml.
Also, for people with irregular cycles, knowing when you (probably) ovulated can help you predict when you’ll start bleeding.
Compared to most health tracking, tracking your menstrual cycle gives you clearly actionable info.
New and expecting parents might be the most valuable demographic, period.
my wife gave birth 18 months ago, we have good insurance and a lot of family that gave us a lot of stuff we needed as gifts. without that we would easily be on the very upper end of the 5 figures by now.
i also exclusively pumped for a year, which cost a few thousand dollars. the pumps alone were $1200. then replacement parts, accessories, random necessities.. can't even count the time and the calorie investment involved (i was eating upwards of 1000 extra calories a day to prevent weight loss).
throw in gear and clothing and...going past $50k for the first 18 months doesn't seem so unrealistic?
Also, one pump is required to be provided by the health insurance company by law, and as of now, a new pump costs a few hundred dollars. This is the most popular one:
A crib/car seat/rocking chair/stroller can be had for $1k total if you stick to mid level stuff, maybe a few thousand if you go super fancy. Food and clothes might be another few thousand.
I wouldn’t count one’s time cost to be of importance to the conversation either, as it’s universal. If we’re comparing how much money came out of parents’ pockets with a baby versus not having baby, I would say at most $10k for most people, I would budget for $15k though (and lost wages due to time off if you don’t have paid parental leave).
based on your math and assumptions i really wonder if you have had a child in the US recently.
These apps can get quite good at predicting irregular cycles.
Some apps will give users warnings of the type "PMS starts tomorrow, expect moodswings", or "expect extreme tiredness" and for people who are heavily affected by their period, this can be a big help in controlling their feelings or just understand their well-being.
If you can show it happens throughout the month, and you have specific data relating whatever symptoms you're experiencing with your cycle, you're a lot more likely to actually get treated for the ailment.
Pregnant or not? Maybe your hormones aren't right - one of the signs is usually change in monthly cycle. Whenever you have to go to the doctor for pap smears and so on, the doctor asks about it. For some folks, their weight determines their cycle length - too much or too little fat can change fertility. Perhaps you get really, really bad PMS (PMDD) and need to take anti-depressants around 2 weeks before the beginning of your cycle.
And more, I'm guessing. I just can't think of another example right now, but in any case, monthly cycles are a big indicator of health issues and can be a great help with life issues as well.
This is sometimes called the "Rhythm Method" or "Fertility Awareness" and a lot of men have self-interested reasons for wanting to know this about a woman.
There is a history of apps optimized for this purpose. Some wholesome for married couples to use, and some for skeezy bachelors who want to track multiple women.
Isn't this crazy - the amount of work people would put in just to have occasional unprotected sex. People are animals.
Well, yes, we're really just pretending otherwise. Also agree with TeMPOralL's sentiment :)
Heart attacks are just point-events on the other hand, they happen and that's that. So knowing full well what a menstruation app is useful for one would still not understand what a similar app for heart attacks could possibly even mean. Calculate your heart attack window? That would be something new indeed, so you are right not to see the point. Just as there is no point in using heart attacks to understand the menstruation cycle.
Doctors ask you if you have a regular cycle, the only way to know that is to track your cycle.
If you're having some sort of issue with your reproductive organs you may track your cycle for a few months to try to better pin down the issue.
Imagine if this were an article about... I dunno, an app that finds cheap toilet paper near your zip code. Would it be laudable if it included a picture of a smeary piece of melted chocolate?
I don't want to see images alluding to pissing or shitting. Do I have a piss and shit stigma?
There is a difference between highly stylized allusion that relies heavily on contextual priming and “looking like”.
That being said, the picture adds no value.
On the third hand, though, the “large image which makes a highly stylized allusion to some aspect of the subject matter and provides no value” has been a trend in online articles for, what, a decade or so now, so it is neither surprising nor noteworthy that this one also has one.
Aside from that, what developer thinks, "Hmmm, I need to add analytics, let me see what FaceBook has to offer?" Seriously?
> so I was just told by a female.
What does "female" connote (not a native speaker)? To me, and translated into my language, it sounds like you're talking about a pet, a dog or some other animal. "Oh, it's a female". Translating it to eg Swedish or French, it sounds really weird, whereas the respective word for "woman" would sound normal.
Is it different in English, or is this more a quirk of this forum/certain subcultures?
I don't think it's a HN quirk, you see it on certain subs of reddit as well. So it's probably more of a subculture thing, it could also be that from certain languages translations to "A female" make more sense, but I'm not aware of what that/those languages would be.
Now let's hear from a US English native!
This ("a female") sounds just fine to me. My friends or I might talk this way amongst ourselves (and no, I'm not talking about an all-male, socially mal-adjusted circle of friends).
It's not what you'd call 100% standard mainstream English, but it's not so far outside the norm that I'd think twice about it either. While it's probably not how I'd teach a non-native to speak, I definitely wouldn't read anything into its use here, either.
Chalk it up to subculture, I suppose, as suggested earlier.
If it didn't come from f-droid or you can't compile it yourself you absolutely can't trust it. (Even then you still need to be very careful, just look at what goes on in npm.)
A good number of closed source apps are pathological attacks on both your OS and the public mind, using them is definitely one of the less responsible things you can do.
Some critters like to eat paper.
Paper has weight.
Paper has volume.
If you leave your papers at home, you can't easily access them by logging in on someone else's papers.
Photocopying seems analogous to copying files at first, but consider the costs of photocopying something. In addition to the expensive machine, you need paper and toner...
It shreds too. This is a feature.
I can't have machine learning algorithms run on my paper to target me ads, either.
Paper needs no network coverage (not Wi-Fi)
iPhone 6 4.55 ounces
Paper notebook (example) 3 ounces
Summing up the risks of flood+fire+critters you have a fraction of the risk for "falling to ground and break screen"+theft+malfunctioning.
You'll need a pen or pencil, though.
"The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time of the HIPAA violation. These fines can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation. View our HIPAA fines chart below for the full HIPAA fines list."
And on the same page, according to the HIPAA Violation Penalty Tiers, the fourth and worst tier is "The covered entity acted with willful neglect and failed to make a timely correction".
I bet if these companies got sued for $50,000 per person using them who had their data leaked to facebook, it would get everyone's attention really quickly.
and that's just the cynical response to make fun, so more specifically, it comes down to the company itself that releases these apps, and they are not HIPAA covered entities.
I'm surprised any company keeping health information would be willing to sell that data without extensive legal protection, whether or not that data is protected explicitly under HIPAA. Seems to me like this should be treated like any other PHI breach.
Edit: It seems that none of these are HIPAA violations because these companies aren't classified as medical organisations.