> This really depends on what you consider health data
Nope - because I didn't say "health data". I said "data".
> But I'd argue that the simple fact that you use a health app [...] itself is a major breach
It absolutely is. There is a hypothetical case that's often shown in HIPAA training materials that covers this: a staff member posting a selfie on social media of themselves with a celebrity in a clinical setting (e.g., a waiting room).
Nope - because I didn't say "health data". I said "data".
> But I'd argue that the simple fact that you use a health app [...] itself is a major breach
It absolutely is. There is a hypothetical case that's often shown in HIPAA training materials that covers this: a staff member posting a selfie on social media of themselves with a celebrity in a clinical setting (e.g., a waiting room).