HIPAA rules only apply to covered entities and business associates. An individual can do whatever they like with their own patient information. You could log on to your Facebook account and post your own health information without any HIPAA consequences. You wouldn’t, because you don’t want to share your personal information with the world. However, there are many different health apps and trackers you may be using; these are called Personal Health Applications (Fitbit, period trackers, Apple Health, connected digital scales, blood pressure monitors, blood sugar monitors, etc.).
When the application or program was provided by a covered entity or business associate, that application falls under HIPAA guidelines. Therefore, as a provider, it is your responsibility to ensure that any applications you use to communicate with patients are secured. These applications can be a patient portal, online patient scheduling, secure communications, etc. If a patient takes PHI out of the application, such as by downloading their records from the patient portal, that information no longer falls under HIPAA guidelines.
As an individual, any personal application that you choose to use to access or store your patient information is not covered by HIPAA. When you agree to the terms of service, you may be allowing the application to share your personal information without your further consent. This is especially important given the status of Roe v Wade. Period tracking applications and other health-information applications do not have stringent security settings. The applications are not under any guidelines that prevent them from sharing patient information with third parties.
According to HHS guidelines, some steps to decrease your digital footprint are:
- Avoid downloading unnecessary applications
- Deny permission to share location whenever possible
- Turn off your location settings on your cellphone and tablet whenever possible
Web browsers and search engines are not covered under HIPAA. Google has announced that it will delete visits to “medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others” from Location History after users visit them. It is currently unknown how that will apply to medical providers such as podiatrists. Before searching for sensitive information or medical facilities, check the privacy settings on your browser and search engine.
The good news is that, like Google, many apps are taking it into their own hands to protect their users’ information. The period tracker Flo announced on its Twitter account that it will be launching an “Anonymous Mode” that removes personal identifiers from your Flo account. Another period tracker, Stardust, has announced on its TikTok account that it will be encrypting users’ data. Clue has announced that it is protecting users’ data under GDPR data security regulations.
As a provider, it is your responsibility to use programs that keep your patient information secure. As an individual, any disclosure of your health information to applications or programs not provided by your provider is likely not regulated by HIPAA. Take steps to protect your PHI by limiting whom you share your information with, and when you must share it, limit the amount of information you give them access to.