
At my last job the traffic was filtered through a proxy due to FINRA regulations. I’d see Portuguese ads for diabetes medication and there were 2 Brazilian guys in the office.

Seemed like a major HIPAA violation to me.



HIPAA only keeps healthcare providers from sharing your information. It's not an omnibus shield for your health information. If Alice tells her coworker Bob that she had diabetes, it's not a HIPAA violation for Bob to tell Charlie.


> HIPAA only keeps healthcare providers from sharing your information. It's not an omnibus shield for your health information.

Maybe not, but GDPR sure is.


Is it really? If Alice tells Bob she has diabetes and Bob tells Charlie, is Bob in violation of GDPR?


Are Bob and/or Charlie the name of a person or of a company?

How you're using it, it sounds like Bob or Charlie in your mind is a person. I might be wrong in interpreting it that way. If so, could you give another example where Bob and Charlie are companies and the information of Alice is part of a transaction?


GP's comment paints Alice/Bob/Charlie as people:

>If Alice tells her coworker Bob that she had diabetes, it's not a HIPAA violation for Bob to tell Charlie.

I was responding to the parent comment's claim that it's not a HIPAA violation but rather a GDPR violation.


No, GDPR does not apply between 2 persons.


> Individuals can also face fines for GDPR violations if they use other parties' personal data for anything other than personal purposes.

https://www.coredna.com/blogs/gdpr-fines


It would have been a more funny story if it were ads for Viagra ;)


Because erectile dysfunction is funnier than diabetes?


Not really. Those sorts of ads are sent without targeting.



