Hacker News new | past | comments | ask | show | jobs | submit login

Not always. It is not necessary to have a BAA to look up diagnosis information using patient data, so long as the data used maintains the patient’s anonymity.

For example, a doctor googling your symptoms doesn’t require a BAA with google.




If you properly deidentify the patient information, then yes, you are not sending PHI to Google. Proper deidentification is tricky though: https://www.hhs.gov/hipaa/for-professionals/privacy/special-...


Google's black box ad optimization stuff probably links you with the doctor via your searches for them and then links the doctor's searches about your conditions to you based on your own related searches, or do they have safeguards for this?




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: