Comment by Terretta

EDIT: Developer included this in a summary:

"Comments on HIPAA: I'm 99% sure this does not apply, since the site is for patients and their families, and no doctors, clinics, hospitals, or insurance companies are involved. All information comes from the family, and stays in the family."

Insofar as no providers or non-family use this, developer may have a point: my comment's covered-entity reasoning can be disregarded.

---

> Anyone who is willing to trust a random developer with their information can do so afaict.

No, not "anyone" in a multi-party app when "someone" is regulated.

This reasoning (a patient can choose to disclose) doesn't apply here, as the app expects providers to info-share new info, ongoing.

The providers are regulated, they have to keep records, and their sides of their tools have to be covered.

That said, even some U.S. national insurance companies bury a clause in their agreement where, to your point, the patient agrees to sort of declassify their info such that it's (the insurer company's theory goes) no longer considered HIPAA and the insurance company can go bananas with it (e.g., sell it to drug companies).

I had lawyers look into this on behalf of our firm benefits, and we challenged that clause. The national insurance company everyone has heard of instantly gave us a new employee insurance agreement without that clause, which suggests to me they knew it was dicey. (Imagine pinging Google and them dropping a clause from their TOS "just for you". That would only happen if they knew it didn't have legs.)

But, dicey or not, it suggests a path to try if you want to attempt this!