Facebook’s policy false sense of security doesn’t protect users personal data

Facebook users throughout the world expressed outrage when news broke that their personal information had been shared without their consent with Cambridge Analytica, a United Kingdom-based political consulting firm. Facebook has pledged to do a better job of protecting consumers in the future.

Despite such well-known privacy breaches, many online users have a false sense of security when it comes to sharing their medical information online or in apps. In an article released today in the Journal of the American Medical Association, University of Missouri School of Law Professor Sam Halabi argues that current laws put too many consumers’ sensitive medical information at risk, compromising their privacy.

“Individuals’ health data are now solicited, aggregated, analyzed, shared and sold in ways poorly understood and largely unregulated,” Halabi wrote with co-authors Lawrence Gostin of Georgetown University and Kumanan Wilson of the University of Ottawa. “Currently, there are major gaps and inconsistencies in health privacy safeguards.”

The most well-known U.S. medical privacy law—the Health Insurance Portability and Accountability Act, or HIPAA—safeguards medical information but only for “covered entities,” such as health plans and health care entities. It does not cover data collection by social media, wellness apps and similar services.

Read more about their arguments here.