On Sat, Jan 29, 2022 at 10:17 PM vedaal via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> On 1/29/2022 at 5:39 PM, "Mauricio Tavares via Gnupg-users"
> <gnupg-users@gnupg.org> wrote
>
>
> Not quite. It cares about personal data from people residing in
> Europe at the time said data was collected. And even then, you need to
> be targeting EU/EEA residents. So, if a German citizen goes to FL and
> needs to stop at the emergency care to have a shark bite taken care
> of, that data now is owned by the hospital forever, which will figure
> out how to make money with it without asking permission.
>
> =====
>
> This is NOT true,
> (but may make sense to someone who has never been a hospital patient in the
> US.)
>
> Every hospitalized patient is given a consent form prior to treatment, which
> they may edit or refuse to sign.
> -It allows release of medical information to the Insurance Carrier,
> -to the Patient's private Physician,
> -to a third party designated by the patient as a 'next-of-kin-with medical
> proxy', should the patient not be in a condition to make decisions,
> -or to a third party statistical group following the frequency and outcome of
> a particular condition requiring hospitalization.
>
1. I myself have been told in more than one occasion by floor
supervisors I would not get service at a certain state-owned medical
institution unless I signed the consent form. I believe that is also
the case with covid vaccines.
2. I sat in a presentation by a certain university owned hospital
about how to get access to their patients' data for research. They did
state once the data is in their system, it is theirs. Yes, since they
are a *medical* organization (this is a subtle detail most people are
not aware of) they are subject to HIPAA, but the data is now theirs.
And that while a patient could oppose to have his data used, he would
have to fill out the forms for each and every single research data,
which meant he had to be aware that the data was going to be used in
the research. That was one of the questions *I* asked. I also asked
about GDPR, to which they replied "oh, we have no European data." I
did get an earful from my boss because of those questions, but hey.
3. Note the data offered was not necessarily deidentified. Let me
rephrase it: deidentification of data per HIPAA, FERPA, the Privacy
Act of 1974 (and its revisions), and NIST sp 800 series is at best
pseudoanonymized data per GDPR. So, to quote
https://www.theverge.com/2021/6/23/22547397/medical-records-health-data-hospitals-research,
it is a "privacy placebo." (I really like that term)
4. https://www.nejm.org/doi/full/10.1056/NEJMp2102616 talks about
"deidentified" EHR data being aggregate and sold.
> The patient can choose any, all, any combination, or none of them.
> And still get treatment.
>
Can you provide which regulation states that? I could have used
it many times.
>
> Vedaal
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
