Psycho-Babble Administration Thread 1102664

Shown: posts 2 to 26 of 27. Go back in thread:

 

Re: Designation of a data protection officer

Posted by ert on December 31, 2018, at 10:31:25

In reply to Designation of a data protection officer, posted by ert on December 31, 2018, at 9:39:25

i do not possess the moral authority, wisdom and knowledge to make any decisions but can give food for thought for several people involved in a decision making process.

 

Re: Designation of a data protection officer

Posted by ert on December 31, 2018, at 22:15:02

In reply to Re: Designation of a data protection officer, posted by ert on December 31, 2018, at 10:31:25

Robert C. hsiung obviously makes money with copyright infringements. Neither as a participant or a taxpayer I would be satisfied by that.

Clearly, unlawful.

AcknowledgmentsThis study was supported by NIMH R-34 R34 MH 073742-01 and NIMH K-08 MH 072918-01A2 (Dr. Van Voorheessalary support during study

Disclosure StatementDr. Van Voorhees has served as a consultant for PrevailHealth Solutions, Inc., Mevident, Inc., Verimed, Inc., and SocialKinetics, Inc. The University of Chicago has granted a no-costlicense to Mevident, Inc., to adapt the CATCH-IT intervention.Dr. Van Voorhees has agreed to support the company working5.5 days as consultant at $1,000/day. Dr. Hsiung is the singlemember of Dr. Bob, LLC, which owns and operates the Psycho-Babble ISG. The net revenue of Dr. Bob, LLC, is less than $1000/year. All other authors have no competing financial interests

(PDF) First, Do No Harm: Referring Primary Care Patients with Depression to an Internet Support Group. Available from: https://www.researchgate.net/publication/317987568_First_Do_No_Harm_Referring_Primary_Care_Patients_with_Depression_to_an_Internet_Support_Group [accessed Jan 01 2019].

 

Re: Designation of a data protection officer

Posted by ert on December 31, 2018, at 22:51:31

In reply to Re: Designation of a data protection officer, posted by ert on December 31, 2018, at 22:15:02

...with stolen health data and infringements. it is a criminal case.

 

Re: Designation of a data protection officer

Posted by ert on January 1, 2019, at 6:11:17

In reply to Re: Designation of a data protection officer, posted by ert on December 31, 2018, at 22:51:31

> ...with stolen health data and infringements. it is a criminal case.
>
>

for the us americans actually not since it's less made than 1000$ if it's true. but I am not completely sure about the us medical data. nevertheless foreign law is grossly violated.

 

Re: Designation of a data protection officer

Posted by ert on January 1, 2019, at 6:56:19

In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 6:11:17

if he is considered as a covered entity by law (and he does bill with assurances as stated on his website) then the https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E is violated.

 

Re: Designation of a data protection officer

Posted by ert on January 1, 2019, at 7:23:50

In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 6:56:19

> if he is considered as a covered entity by law (and he does bill with assurances as stated on his website) then the https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E is violated.

Protected health information
Protected health information means individually identifiable health information:
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.


and discloses transmits it by electronic media such as the internet if it isn't a transmission to an assurance as minimal data set or in case of an emergency, as far as I understand would signify a violation.

 

Re: Designation of a data protection officer

Posted by ert on January 1, 2019, at 8:02:21

In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 7:23:50

In case of us law and the hippa that actually signifies theft of medical data since he wont revoke the participants permissions and instead publishes it publicly on the internet. As in my case and maybe many more participants, lied that he will revoke but did not effectuate the wish.

 

Re: These are violations against the HIPAA, ...

Posted by ert on January 1, 2019, at 23:14:25

In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 8:02:21

... copyright law, many international laws among others the GDPR.

The FAQ's of this Website is illegal. The content of the database consists of too much infringed material.

 

Re:second, do they really need to get harmed ???

Posted by ert on January 4, 2019, at 2:31:57

In reply to Re: These are violations against the HIPAA, ..., posted by ert on January 1, 2019, at 23:14:25

they obviously referred pediatric patients to this site. I have already found out the name for the next study with that they could garner the grants:

second, do they really need to get harmed ???


AcknowledgmentsThis study was supported by NIMH R-34 R34 MH 073742-01 and NIMH K-08 MH 072918-01A2 (Dr. Van Voorheessalary support during study

Disclosure StatementDr. Van Voorhees has served as a consultant for PrevailHealth Solutions, Inc., Mevident, Inc., Verimed, Inc., and SocialKinetics, Inc. The University of Chicago has granted a no-costlicense to Mevident, Inc., to adapt the CATCH-IT intervention.Dr. Van Voorhees has agreed to support the company working5.5 days as consultant at $1,000/day. Dr. Hsiung is the singlemember of Dr. Bob, LLC, which owns and operates the Psycho-


Babble ISG. The net revenue of Dr. Bob, LLC, is less than $1000/year. All other authors have no competing financial interests

(PDF) First, Do No Harm: Referring Primary Care Patients with Depression to an Internet Support Group. Available from: https://www.researchgate.net/publication/317987568_First_Do_No_Harm_Referring_Primary_Care_Patients_with_Depression_to_an_Internet_Support_Group [accessed Jan 01 2019].

 

Re: Chicago Introduces Data Protection Ordinance

Posted by ert on January 14, 2019, at 5:56:27

In reply to Re:second, do they really need to get harmed ???, posted by ert on January 4, 2019, at 2:31:57

https://www.huntonprivacyblog.com/wp-content/uploads/sites/28/2018/06/Chicago-Ordinance_April-2018.pdf

 

Re:Designation of a data protection officer

Posted by ert on January 14, 2019, at 6:02:54

In reply to Re: Chicago Introduces Data Protection Ordinance, posted by ert on January 14, 2019, at 5:56:27

if not taken down and changed to telegram the administrator is at best put under oversight of an independent data protection officer (with admin capabilities) that directly reports to the data protection offices in the US, in Europe and elsewhere.

 

Re: Designation of a data protection officer

Posted by rjlockhart37 on January 17, 2019, at 21:49:31

In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 8:02:21

The HIPPA regulation, confidentiality but this site states very well, that what you write here, is ... check the disclaimer part, this is not really considered an actual medical site, it's just community. It says whatever you write here, you need to careful what you say. I don't think this site is considered confidential medical records, this is more like a board for entire internet to have access too

there's so much i don't know about this, i mean all these legal things that your listing, i just ... i don't think that could be enforced because there already operating this site

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 11:46:25

In reply to Re: Designation of a data protection officer, posted by rjlockhart37 on January 17, 2019, at 21:49:31

that is what the disclaimer of this site says. but this is not what it really is. it is indeed a medical site with medical data and profiles that is uploaded and the content is used to conduct medical studies. there is not an opt out possibility and there is no way that your data can be deleted. many laws are violated but this will be changed. I hope your're not employed by the government rjlockhart37, must be hard not to receive your paycheck....

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 11:56:04

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 11:46:25

this is not really considered an actual medical site, it's just community...

if this is written in the disclaimer, then this is again a misleading statement, as if someone would scatter sand in your eyes.

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 13:09:32

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 11:56:04

Is hsiung a covered entity: yes
Does he transmit that data electronically: yes
Does he possess PHI and Individually identifiable health information data: yes
Does he disclose it: yes, to the public
Does he allow to revoke a given permission for a disclosure: no

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 13:20:23

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 13:09:32

> Is hsiung a covered entity: yes
> Does he transmit that data electronically: yes
> Does he possess PHI and Individually identifiable health information data: yes
> Does he disclose it: yes, to the public
> Does he allow to revoke a given permission for a disclosure: no
>

from hhs.gov

Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv

he also sells it...

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 13:31:56

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 13:20:23

> > Is hsiung a covered entity: yes
> > Does he transmit that data electronically: yes
> > Does he possess PHI and Individually identifiable health information data: yes
> > Does he disclose it: yes, to the public
> > Does he allow to revoke a given permission for a disclosure: no
> >
>
> from hhs.gov
>
> Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
>
> he also sells it...
>
>

by definition it is not necessary to be a patient from Hsiung. But there's a catch. he were not a covered entity, the Hipaa would not apply. that's how I understand it. but many other laws are violated too.

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 14:04:40

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 13:31:56

> > > Is hsiung a covered entity: yes
> > > Does he transmit that data electronically: yes
> > > Does he possess PHI and Individually identifiable health information data: yes
> > > Does he disclose it: yes, to the public
> > > Does he allow to revoke a given permission for a disclosure: no
> > >
> >
> > from hhs.gov
> >
> > Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
> >
> > he also sells it...
> >
> >
>
> by definition it is not necessary to be a patient from Hsiung. But there's a catch. he were not a covered entity, the Hipaa would not apply. that's how I understand it. but many other laws are violated too.

45 CFR 164.514

the de-idenfication is not sufficient. e.g. names, geographics subdivisions but notably <any other unique identifying characteristic too>. furthermore the posts can be puzzled together.

 

Re: Designation of a data protection rjlockhart37

Posted by ert on January 18, 2019, at 14:18:41

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 14:04:40

> > > > Is hsiung a covered entity: yes
> > > > Does he transmit that data electronically: yes
> > > > Does he possess PHI and Individually identifiable health information data: yes
> > > > Does he disclose it: yes, to the public
> > > > Does he allow to revoke a given permission for a disclosure: no
> > > >
> > >
> > > from hhs.gov
> > >
> > > Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
> > >
> > > he also sells it...
> > >
> > >
> >
> > by definition it is not necessary to be a patient from Hsiung. But there's a catch. he were not a covered entity, the Hipaa would not apply. that's how I understand it. but many other laws are violated too.
>
> 45 CFR 164.514
>
> the de-idenfication is not sufficient. e.g. names, geographics subdivisions but notably <any other unique identifying characteristic too>. furthermore the posts can be puzzled together.
>
>

45 CFR 164.514

(i) Applying such principles and methods, determines that the risk is very small that the information could be used, alone OR IN COMBINATION WITH OTHER REASONABLY AVAILABLE INFORMATION, by an anticipated recipient to identify an individual who is a subject of the information; and

 

Re: Hipaa privacy rule vs gdpr and others

Posted by ert on January 19, 2019, at 17:20:23

In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 14:18:41

1 both prohibit a disclosure without prior consent except in certain circumstances like emergency or transfer to other involved people like specialists etc. in circumstances other than treatment, a written consent would be necessary with the ability of revocation.

2 right of erasure: the gdpr allows the right of erasure at anytime, whereas the hipaa does not. That actually signifies that medical data can be stored offline on a doctors computer for a longer time. But of course not online or public since that would mean a disclosure.

Both prohibit disclosing it and making money.

 

Re: criminal case

Posted by ert on January 20, 2019, at 6:40:03

In reply to Re: Hipaa privacy rule vs gdpr and others, posted by ert on January 19, 2019, at 17:20:23

In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.

 

Re: criminal case

Posted by ert on January 20, 2019, at 8:12:52

In reply to Re: criminal case, posted by ert on January 20, 2019, at 6:40:03

> In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.

from hhs.gov

What is the difference between consent and authorization under the HIPAA Privacy Rule?
Answer:
The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.

By contrast, an authorization is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual.

An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed. With limited exceptions, covered entities may not condition treatment or coverage on the individual providing an authorization.


 

Re: criminal case

Posted by ert on January 20, 2019, at 8:33:48

In reply to Re: criminal case, posted by ert on January 20, 2019, at 8:12:52

> > In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.
>
> from hhs.gov
>
> What is the difference between consent and authorization under the HIPAA Privacy Rule?
> Answer:
> The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.
>
> By contrast, an authorization is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual.
>
> An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed. With limited exceptions, covered entities may not condition treatment or coverage on the individual providing an authorization.
>
>
>
https://www.hipaahelpcenter.com/violations/releasing-information-undesignated-party

 

Re: Designation of a data protection officer

Posted by ert on February 14, 2019, at 10:48:35

In reply to Re: Designation of a data protection officer, posted by rjlockhart37 on January 17, 2019, at 21:49:31

> The HIPPA regulation, confidentiality but this site states very well, that what you write here, is ... check the disclaimer part, this is not really considered an actual medical site, it's just community. It says whatever you write here, you need to careful what you say. I don't think this site is considered confidential medical records, this is more like a board for entire internet to have access too
>
> there's so much i don't know about this, i mean all these legal things that your listing, i just ... i don't think that could be enforced because there already operating this site

rjlockhart37:

I read the disclaimer.h of that website once many years ago. there was written something about "slippery condoms". Is this serious research ?

 

Re: Designation of a data protection officer

Posted by ert on February 14, 2019, at 11:51:57

In reply to Re: Designation of a data protection officer, posted by ert on February 14, 2019, at 10:48:35

it sounds for me a bit like professional negligence when patients are referred. who else take over responsibility ?


Go forward in thread:


Show another thread

URL of post in thread:


Psycho-Babble Administration | Extras | FAQ


[dr. bob] Dr. Bob is Robert Hsiung, MD, bob@dr-bob.org

Script revised: February 4, 2008
URL: http://www.dr-bob.org/cgi-bin/pb/mget.pl
Copyright 2006-17 Robert Hsiung.
Owned and operated by Dr. Bob LLC and not the University of Chicago.