The settlement is the FTC’s first ban on selling sensitive location data.

The Biden administration stopped a company from selling data on people’s medical visits on Tuesday, its first settlement on a privacy issue that has many Americans concerned about who can see their most sensitive personal data — particularly visits to abortion providers.

After an investigation, the Federal Trade Commission said it had reached a settlement with Outlogic, a location data broker formerly known as X-Mode Social, which had been collecting information on people’s visits to medical centers.

The settlement is the first major enforcement on location data since a 2022 executive order directed the government to ramp up privacy protections for anyone seeking an abortion.

The FTC has been cracking down on health privacy violations after the U.S. Supreme Court ruled there is no constitutional right to an abortion when it overturned Roe v. Wade in 2022. A Biden executive order in July 2022 directed federal agencies to protect people’s privacy related to reproductive health care services.

  • KairuByte@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    8
    arrow-down
    14
    ·
    11 months ago

    I really don’t understand why so many people think so many things fall under HIPAA. Just because it is tangentially related to medical information (in this case the fact that your location showed you were close to a medical center), does not mean it falls under HIPAA.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        11 months ago

        See my reply further down the chain. There’s no need for a law degree, and it’s incredibly simple to tell if HIPAA has even a slight chance of applying.

        Nothing about this situation is related to HIPAA, and doesn’t even come close to HIPAA being relevant. People just throw the acronym around, which is what makes no damn sense.

        This is covered by FTC regulations, and I agree it shouldn’t be allowed to be sold. But not at all something HIPAA would apply to.

    • FarFarAway@startrek.website
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      11 months ago

      During covid, my company was deemed essential. (Non-healthcare) They would send a email alerting people to the fact that someone had had covid in the building, but refused to name that individual due to it “being a HIPAA violation.”

      It was so frustrating. I’m like, that’s not how that works.

      • KairuByte@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        Mmmmm that’s actually a little different, depending on where the information was coming from. If you were a third party working to inform people, based on information provided by a healthcare organization, the info could still be covered by HIPAA. It comes down to the originating source of the information, not the company or individual handling it at that point in time.

        • FarFarAway@startrek.website
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Nothing so formal. More like just the boss of a construction company not telling people if the person at the desk they were loitering at the day before called in sick cause they tested postive for covid. They didn’t want people being conscientious about not infecting anyone else because the spice cash must flow.