Protecting Privacy Outside of HIPAA

HIPAA privacy protections, whatever their adequacy, apply only to a set of “covered entities,” largely within the realm of health care treatment and payment for it. The vast realms of public health data, health information entered into individually-maintained personal health records, health information shared in social networking sites or web searches, to take some of the more important examples, are outside of the protections of HIPAA, although in some cases they are at least protected by the Federal Trade Commission’s prohibition of unfair or deceptive trade practices.