On Sat, Jan 29, 2022 at 10:17 PM vedaal via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> On 1/29/2022 at 5:39 PM, "Mauricio Tavares via Gnupg-users"
> <gnupg-users@gnupg.org> wrote
>
>
> Not quite. It cares about personal data from people residing in
> Europe at the time said data was collected. And even then, you need to
> be targeting EU/EEA residents. So, if a German citizen goes to FL and
> needs to stop at the emergency care to have a shark bite taken care
> of, that data now is owned by the hospital forever, which will figure
> out how to make money with it without asking permission.
>
> =====
>
> This is NOT true,
> (but may make sense to someone who has never been a hospital patient in the
> US.)
>
> Every hospitalized patient is given a consent form prior to treatment, which
> they may edit or refuse to sign.
> -It allows release of medical information to the Insurance Carrier,
> -to the Patient's private Physician,
> -to a third party designated by the patient as a 'next-of-kin-with medical
> proxy', should the patient not be in a condition to make decisions,
> -or to a third party statistical group following the frequency and outcome of
> a particular condition requiring hospitalization.
>

1. I myself have been told on more than one occasion by floor
supervisors I would not get service at a certain state-owned medical
institution unless I signed the consent form. I believe that is also
the case with covid vaccines.

2. I sat in a presentation by a certain university-owned hospital
about how to get access to their patients' data for research. They did
state once the data is in their system, it is theirs. Yes, since they
are a *medical* organization (this is a subtle detail most people are
not aware of) they are subject to HIPAA, but the data is now theirs.
And that while a patient could oppose having his data used, he would
have to fill out the forms for each and every single research data,
which meant he had to be aware that the data was going to be used in
the research. That was one of the questions *I* asked. I also asked
about GDPR, to which they replied "oh, we have no European data." I
did get an earful from my boss because of those questions, but hey.

3. Note the data offered was not necessarily deidentified. Let me
rephrase it: deidentification of data per HIPAA, FERPA, the Privacy
Act of 1974 (and its revisions), and NIST SP 800 series is at best
pseudonymized data per GDPR. So, to quote
https://www.theverge.com/2021/6/23/22547397/medical-records-health-data-hospitals-research,
it is a "privacy placebo." (I really like that term)

4. https://www.nejm.org/doi/full/10.1056/NEJMp2102616 talks about
"deidentified" EHR data being aggregated and sold.

> The patient can choose any, all, any combination, or none of them.
> And still get treatment.
>

Can you provide which regulation states that? I could have used it many times.

>
> Vedaal
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users