Twelve of the largest drug stores in the U.S. sent shoppers’ sensitive health information to Facebook or other platforms.

    • Yendor@reddthat.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      The article discusses this.

      In these cases, a pixel on the pharmacy website is being downloaded by your IP address. I don’t think there’s anything there would constitute PHI (Protected Health Information) under HIPAA.

      In isolation, this data means nothing. But these massive companies can easily link an IP address to a person. And each pixel has a different URL, which identifies what page is calling it (eg, the page that says you’ve added an HIV test to your cart).

      The results of the test would be covered by HIPAA, as would any test administered by a doctor or in a hospital setting. But in a pharmacy only prescriptions are covered by HIPAA - anything non-prescription is unprotected.

      • plz1@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        So if you’re privacy conscious and using something like NextDNS to block pixels and other shady tracking mechanisms at the DNS level, all’s good? When I left Facebook back in 2016, I started with Pihole, but I like NextDNS because it’s easier to use when not at home and I can manage profiles for family members easily in case to do find something they “need” to work. Why people willingly want to see ads is beyond me.

        • Yendor@reddthat.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          It’s hard to say, but basic precautions like a browser based ad blocker would filter out probably 90%+ of this tracking. Firefox and Safari even have this baked in to the browser, you just need to turn it on.

    • Granite@kbin.social
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      HIPAA requires you to know about it to make a complaint. Also, corporations may not count as healthcare providers, so they sneak through a loophole.

      • tal@kbin.social
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        1 year ago

        None of this is correct. HIPAA obligations are not contingent on a complaint, and being incorporated absolutely is not incompatible with being a healthcare provider.