Shown: posts 3 to 27 of 27. Go back in thread:
Posted by ert on December 31, 2018, at 22:15:02
In reply to Re: Designation of a data protection officer, posted by ert on December 31, 2018, at 10:31:25
Robert C. hsiung obviously makes money with copyright infringements. Neither as a participant or a taxpayer I would be satisfied by that.
Clearly, unlawful.
AcknowledgmentsThis study was supported by NIMH R-34 R34 MH 073742-01 and NIMH K-08 MH 072918-01A2 (Dr. Van Voorheessalary support during study
Disclosure StatementDr. Van Voorhees has served as a consultant for PrevailHealth Solutions, Inc., Mevident, Inc., Verimed, Inc., and SocialKinetics, Inc. The University of Chicago has granted a no-costlicense to Mevident, Inc., to adapt the CATCH-IT intervention.Dr. Van Voorhees has agreed to support the company working5.5 days as consultant at $1,000/day. Dr. Hsiung is the singlemember of Dr. Bob, LLC, which owns and operates the Psycho-Babble ISG. The net revenue of Dr. Bob, LLC, is less than $1000/year. All other authors have no competing financial interests
(PDF) First, Do No Harm: Referring Primary Care Patients with Depression to an Internet Support Group. Available from: https://www.researchgate.net/publication/317987568_First_Do_No_Harm_Referring_Primary_Care_Patients_with_Depression_to_an_Internet_Support_Group [accessed Jan 01 2019].
Posted by ert on December 31, 2018, at 22:51:31
In reply to Re: Designation of a data protection officer, posted by ert on December 31, 2018, at 22:15:02
...with stolen health data and infringements. it is a criminal case.
Posted by ert on January 1, 2019, at 6:11:17
In reply to Re: Designation of a data protection officer, posted by ert on December 31, 2018, at 22:51:31
> ...with stolen health data and infringements. it is a criminal case.
>
>for the us americans actually not since it's less made than 1000$ if it's true. but I am not completely sure about the us medical data. nevertheless foreign law is grossly violated.
Posted by ert on January 1, 2019, at 6:56:19
In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 6:11:17
if he is considered as a covered entity by law (and he does bill with assurances as stated on his website) then the https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E is violated.
Posted by ert on January 1, 2019, at 7:23:50
In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 6:56:19
> if he is considered as a covered entity by law (and he does bill with assurances as stated on his website) then the https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E is violated.
Protected health information
Protected health information means individually identifiable health information:
(1) Except as provided in paragraph (2) of this definition, that is:
(i) Transmitted by electronic media;
(ii) Maintained in electronic media; or
(iii) Transmitted or maintained in any other form or medium.
and discloses transmits it by electronic media such as the internet if it isn't a transmission to an assurance as minimal data set or in case of an emergency, as far as I understand would signify a violation.
Posted by ert on January 1, 2019, at 8:02:21
In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 7:23:50
In case of us law and the hippa that actually signifies theft of medical data since he wont revoke the participants permissions and instead publishes it publicly on the internet. As in my case and maybe many more participants, lied that he will revoke but did not effectuate the wish.
Posted by ert on January 1, 2019, at 23:14:25
In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 8:02:21
... copyright law, many international laws among others the GDPR.
The FAQ's of this Website is illegal. The content of the database consists of too much infringed material.
Posted by ert on January 4, 2019, at 2:31:57
In reply to Re: These are violations against the HIPAA, ..., posted by ert on January 1, 2019, at 23:14:25
they obviously referred pediatric patients to this site. I have already found out the name for the next study with that they could garner the grants:
second, do they really need to get harmed ???
AcknowledgmentsThis study was supported by NIMH R-34 R34 MH 073742-01 and NIMH K-08 MH 072918-01A2 (Dr. Van Voorheessalary support during studyDisclosure StatementDr. Van Voorhees has served as a consultant for PrevailHealth Solutions, Inc., Mevident, Inc., Verimed, Inc., and SocialKinetics, Inc. The University of Chicago has granted a no-costlicense to Mevident, Inc., to adapt the CATCH-IT intervention.Dr. Van Voorhees has agreed to support the company working5.5 days as consultant at $1,000/day. Dr. Hsiung is the singlemember of Dr. Bob, LLC, which owns and operates the Psycho-
Babble ISG. The net revenue of Dr. Bob, LLC, is less than $1000/year. All other authors have no competing financial interests(PDF) First, Do No Harm: Referring Primary Care Patients with Depression to an Internet Support Group. Available from: https://www.researchgate.net/publication/317987568_First_Do_No_Harm_Referring_Primary_Care_Patients_with_Depression_to_an_Internet_Support_Group [accessed Jan 01 2019].
Posted by ert on January 14, 2019, at 5:56:27
In reply to Re:second, do they really need to get harmed ???, posted by ert on January 4, 2019, at 2:31:57
Posted by ert on January 14, 2019, at 6:02:54
In reply to Re: Chicago Introduces Data Protection Ordinance, posted by ert on January 14, 2019, at 5:56:27
if not taken down and changed to telegram the administrator is at best put under oversight of an independent data protection officer (with admin capabilities) that directly reports to the data protection offices in the US, in Europe and elsewhere.
Posted by rjlockhart37 on January 17, 2019, at 21:49:31
In reply to Re: Designation of a data protection officer, posted by ert on January 1, 2019, at 8:02:21
The HIPPA regulation, confidentiality but this site states very well, that what you write here, is ... check the disclaimer part, this is not really considered an actual medical site, it's just community. It says whatever you write here, you need to careful what you say. I don't think this site is considered confidential medical records, this is more like a board for entire internet to have access too
there's so much i don't know about this, i mean all these legal things that your listing, i just ... i don't think that could be enforced because there already operating this site
Posted by ert on January 18, 2019, at 11:46:25
In reply to Re: Designation of a data protection officer, posted by rjlockhart37 on January 17, 2019, at 21:49:31
that is what the disclaimer of this site says. but this is not what it really is. it is indeed a medical site with medical data and profiles that is uploaded and the content is used to conduct medical studies. there is not an opt out possibility and there is no way that your data can be deleted. many laws are violated but this will be changed. I hope your're not employed by the government rjlockhart37, must be hard not to receive your paycheck....
Posted by ert on January 18, 2019, at 11:56:04
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 11:46:25
this is not really considered an actual medical site, it's just community...
if this is written in the disclaimer, then this is again a misleading statement, as if someone would scatter sand in your eyes.
Posted by ert on January 18, 2019, at 13:09:32
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 11:56:04
Is hsiung a covered entity: yes
Does he transmit that data electronically: yes
Does he possess PHI and Individually identifiable health information data: yes
Does he disclose it: yes, to the public
Does he allow to revoke a given permission for a disclosure: no
Posted by ert on January 18, 2019, at 13:20:23
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 13:09:32
> Is hsiung a covered entity: yes
> Does he transmit that data electronically: yes
> Does he possess PHI and Individually identifiable health information data: yes
> Does he disclose it: yes, to the public
> Does he allow to revoke a given permission for a disclosure: no
>from hhs.gov
Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
he also sells it...
Posted by ert on January 18, 2019, at 13:31:56
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 13:20:23
> > Is hsiung a covered entity: yes
> > Does he transmit that data electronically: yes
> > Does he possess PHI and Individually identifiable health information data: yes
> > Does he disclose it: yes, to the public
> > Does he allow to revoke a given permission for a disclosure: no
> >
>
> from hhs.gov
>
> Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
>
> he also sells it...
>
>by definition it is not necessary to be a patient from Hsiung. But there's a catch. he were not a covered entity, the Hipaa would not apply. that's how I understand it. but many other laws are violated too.
Posted by ert on January 18, 2019, at 14:04:40
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 13:31:56
> > > Is hsiung a covered entity: yes
> > > Does he transmit that data electronically: yes
> > > Does he possess PHI and Individually identifiable health information data: yes
> > > Does he disclose it: yes, to the public
> > > Does he allow to revoke a given permission for a disclosure: no
> > >
> >
> > from hhs.gov
> >
> > Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
> >
> > he also sells it...
> >
> >
>
> by definition it is not necessary to be a patient from Hsiung. But there's a catch. he were not a covered entity, the Hipaa would not apply. that's how I understand it. but many other laws are violated too.45 CFR 164.514
the de-idenfication is not sufficient. e.g. names, geographics subdivisions but notably <any other unique identifying characteristic too>. furthermore the posts can be puzzled together.
Posted by ert on January 18, 2019, at 14:18:41
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 14:04:40
> > > > Is hsiung a covered entity: yes
> > > > Does he transmit that data electronically: yes
> > > > Does he possess PHI and Individually identifiable health information data: yes
> > > > Does he disclose it: yes, to the public
> > > > Does he allow to revoke a given permission for a disclosure: no
> > > >
> > >
> > > from hhs.gov
> > >
> > > Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Priv
> > >
> > > he also sells it...
> > >
> > >
> >
> > by definition it is not necessary to be a patient from Hsiung. But there's a catch. he were not a covered entity, the Hipaa would not apply. that's how I understand it. but many other laws are violated too.
>
> 45 CFR 164.514
>
> the de-idenfication is not sufficient. e.g. names, geographics subdivisions but notably <any other unique identifying characteristic too>. furthermore the posts can be puzzled together.
>
>45 CFR 164.514
(i) Applying such principles and methods, determines that the risk is very small that the information could be used, alone OR IN COMBINATION WITH OTHER REASONABLY AVAILABLE INFORMATION, by an anticipated recipient to identify an individual who is a subject of the information; and
Posted by ert on January 19, 2019, at 17:20:23
In reply to Re: Designation of a data protection rjlockhart37, posted by ert on January 18, 2019, at 14:18:41
1 both prohibit a disclosure without prior consent except in certain circumstances like emergency or transfer to other involved people like specialists etc. in circumstances other than treatment, a written consent would be necessary with the ability of revocation.
2 right of erasure: the gdpr allows the right of erasure at anytime, whereas the hipaa does not. That actually signifies that medical data can be stored offline on a doctors computer for a longer time. But of course not online or public since that would mean a disclosure.
Both prohibit disclosing it and making money.
Posted by ert on January 20, 2019, at 6:40:03
In reply to Re: Hipaa privacy rule vs gdpr and others, posted by ert on January 19, 2019, at 17:20:23
In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.
Posted by ert on January 20, 2019, at 8:12:52
In reply to Re: criminal case, posted by ert on January 20, 2019, at 6:40:03
> In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.
from hhs.gov
What is the difference between consent and authorization under the HIPAA Privacy Rule?
Answer:
The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.By contrast, an authorization is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual.
An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed. With limited exceptions, covered entities may not condition treatment or coverage on the individual providing an authorization.
Posted by ert on January 20, 2019, at 8:33:48
In reply to Re: criminal case, posted by ert on January 20, 2019, at 8:12:52
> > In case of normal data the bar would be 1000$ for a criminal case, but here also is phi data (health data) involved that Hsiung steals (won't revoke their permissions), uploads and makes money with it. As far as I understand when phi data is sold or money is generated with third parties without authorization (such as a written authorization), there would be no bar to reach the limit to be a criminal case.
>
> from hhs.gov
>
> What is the difference between consent and authorization under the HIPAA Privacy Rule?
> Answer:
> The Privacy Rule permits, but does not require, a covered entity voluntarily to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.
>
> By contrast, an authorization is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. Where the Privacy Rule requires patient authorization, voluntary consent is not sufficient to permit a use or disclosure of protected health information unless it also satisfies the requirements of a valid authorization. An authorization is a detailed document that gives covered entities permission to use protected health information for specified purposes, which are generally other than treatment, payment, or health care operations, or to disclose protected health information to a third party specified by the individual.
>
> An authorization must specify a number of elements, including a description of the protected health information to be used and disclosed, the person authorized to make the use or disclosure, the person to whom the covered entity may make the disclosure, an expiration date, and, in some cases, the purpose for which the information may be used or disclosed. With limited exceptions, covered entities may not condition treatment or coverage on the individual providing an authorization.
>
>
>
https://www.hipaahelpcenter.com/violations/releasing-information-undesignated-party
Posted by ert on February 14, 2019, at 10:48:35
In reply to Re: Designation of a data protection officer, posted by rjlockhart37 on January 17, 2019, at 21:49:31
> The HIPPA regulation, confidentiality but this site states very well, that what you write here, is ... check the disclaimer part, this is not really considered an actual medical site, it's just community. It says whatever you write here, you need to careful what you say. I don't think this site is considered confidential medical records, this is more like a board for entire internet to have access too
>
> there's so much i don't know about this, i mean all these legal things that your listing, i just ... i don't think that could be enforced because there already operating this siterjlockhart37:
I read the disclaimer.h of that website once many years ago. there was written something about "slippery condoms". Is this serious research ?
Posted by ert on February 14, 2019, at 11:51:57
In reply to Re: Designation of a data protection officer, posted by ert on February 14, 2019, at 10:48:35
it sounds for me a bit like professional negligence when patients are referred. who else take over responsibility ?
Posted by rjlockhart37 on February 14, 2019, at 14:38:30
In reply to Re: Designation of a data protection officer, posted by ert on February 14, 2019, at 11:51:57
go to the FAQ and read about copyrights, go down and sroll through the guidelines, we're allowed copy rights
"My understanding is that when you write something, you (usually) get the copyright to it"
then ...
" However, I want to be able to use these posts elsewhere" meaning research and various postsso ... it's written in the guideline, or FAQ most of the privacy, these posts can be used for research purposes, just go the FAQ section
and also he wrote whatever you write can be used against you, including work, or law purposes. I've now rethought about this, these posts are public, ... not spill out too much info, this site is public and they can use your information, so...from now on i'll just post research studies.....and not ranting posts. he also said "Case studies are not considered research, and Dr. Bob may at any time publish case studies on his web site or in a book or an academic journal"
so whatever we post here, it can be used in an article, or study
This is the end of the thread.
Psycho-Babble Administration | Extras | FAQ
Dr. Bob is Robert Hsiung, MD, bob@dr-bob.org
Script revised: February 4, 2008
URL: http://www.dr-bob.org/cgi-bin/pb/mget.pl
Copyright 2006-17 Robert Hsiung.
Owned and operated by Dr. Bob LLC and not the University of Chicago.