this post was submitted on 10 Jul 2024
1767 points (98.8% liked)

[–] [email protected] 8 points 4 months ago (6 children)

HIPAA applies to whichever entity consciously chooses to move/store data.

Generally, after a patient downloads a healthcare-related item, they are that entity - and as the patient, they have full control/decisions about where it goes, so they can't violate their own HIPAA agreement even if they print it and scatter it to the wind.

BUT, if your operating system "decides" to upload that document without the user's involvement, then Microsoft is that entity - and having not received conscious permission from the patient, would be in violation. It's an entirely different circumstance if the user is always going through clear prompts, but their more recent OneDrive Backup goal has been extremely forceful and easy to accidentally turn on - even to the point of being hard to disable. As you said, encryption has nothing to do with it.

[–] [email protected] 2 points 4 months ago (4 children)

LOL. You really think Microsoft doesn't have an army of lawyers ensuring they comply with laws like HIPAA?

[–] [email protected] 6 points 4 months ago (3 children)

When they’re specifically writing business plans designed for hospitals, sure, they can likely account for it. But not when designing end user services that are laissez-faire about user data privacy - on the random things people put in “My Documents”. As with many organizations, it’s very possible the two parts of the corporation don’t talk to each other.

[–] [email protected] 1 points 4 months ago (1 children)

That's not how it works. Microsoft knows Windows will be used in medical settings. They know "but it's a product for home users" won't be an effective defense if they cause a HIPAA violation.

[–] [email protected] 4 points 4 months ago (1 children)

They also should “know” that being forceful about backup prompts, AI features, and major version upgrades will irritate users into switching off their OS, and yet they’re doing it anyway. Logic is not driving their actions; greed for data is.

[–] [email protected] -4 points 4 months ago

Microsoft makes its money by selling products and services. Your data is not nearly as valuable as you think it is.
