James P. AlbiniDec 12, 2023
Dan Gillmor

American pharmacies are handing private information about their customers over to the police without even a warrant. Contempt for privacy -- with potential "criminal" consequences in anti-abortion states -- has never been more blatant, or dangerous.

As usual, Congress can't be bothered to give a damn.

https://www.theverge.com/2023/12/12/23998869/cvs-kroger-and-rite-aid-will-hand-over-your-medical-data-to-the-police-without-a-warrant

CVS, Kroger, and Rite Aid will hand over your medical data to the police without a warrant.

The Verge
Dec 12, 2023 at 8:58pmWeb
Show threadArtemesiaDec 12, 2023
@dangillmor how does this not violate HIPAA?
Show threadJoe OrtizDec 12, 2023
@artemesia @dangillmor Via a series of loopholes probably.
Show threadArtemesiaDec 13, 2023
@joeo10 @dangillmor Per arstechnica, health care providers are permitted to disclose medical information to law enforcement. Most people take that to mean "get a subpoena", but HIPAA doesn't specify. So that permits the health care provider to make their own interpretation, which could be as weak as "flashed a badge". This needs a legislative fix.
Show threadMyMiloCat+MydogNoodlesDec 12, 2023
@dangillmor another reason to patronize your local small - ish pharmacy. While you still can
Show threadJoe OrtizDec 12, 2023
@LeslieVS1965 @dangillmor This applies to all pharmacies in the US by the way. Even smaller ones aren't safe from this.
Show threadMyMiloCat+MydogNoodlesDec 12, 2023
@joeo10 @dangillmor wow I hope not! When my neighborhood pharmacy in upstate NY closed, it was either CVS, which made a mess of my meds list, or the supermarket pharmacies .... Most probably owned by ? -
Show threadJoe OrtizDec 12, 2023

@LeslieVS1965 @dangillmor I'll repeat what I said earlier when I shared this:

This is sadly tolerated because the US doesn't have a single privacy and transparency law in the books (at least in the federal level). Plus HIPPA is toothless in these cases since companies and law enforcement find loopholes to get around HIPPA.

Show threadAndreas KDec 13, 2023

@dangillmor Stupid questions:

a) how is that (just in general) surprising? That wonderful 3rd party doctrine in the USA means that your data has basically no expectation of privacy.

b) but in this specific case, how does this actually work in relation to HIPAA?

Show threadDan GillmorDec 13, 2023
@yacc143 Sadly unsurprising given Congress' clear hostility to privacy for everyone but itself. Don't know enough about the medical privacy law to say whether this shreds it or merely ignores it.