That’s kind of my field of day-job … trust me, regardless of regulation, anyone with a phone or an internet connection can access your health data. Millions of HIPAA “breaches” every day, even just casually. They regulate it, audit it, independently verify and validate it, 100 times a year, but every health system (in the US) leaks data and HIPAA allows it to a certain extent. It is also very nearly impossible to get copies of health data, or to remove health data from the possession of your providers. When an insurance company goes under a HIPAA audit, be it Medicaid, Medicare or private, think of the audit as a restaurant going through a health inspection. The employees cleaned up quite a bit before the auditor arrived. One of the reasons the US health system is so fucked is that data management is spread across millions of disparate systems that cannot inter-operate, and each health care organization spends insane amounts on human resources for data management. I would even venture so far as to say 9 out of every 10 of your healthcare dollars go towards something administrative, not something actually related to the facilitation of doctors meeting/treating patients.
I guess my point is, don’t assume your health data is regulated. 20 years of “innovation” have nullified this once-relevant law that governs your health data. Providers have slurped yours and other folks’ data to the point where they are managing hospitals like Amazon warehouses.