Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
69,401
40,443


Four U.S. senators, Bob Menendez, Kamala Harris, Cory Booker and Richard Blumenthal, on Friday sent a letter to Apple CEO Tim Cook expressing concern over "the safety and security of Americans' private health data" in regard to the recently released COVID-10 website and app, reports Bloomberg.

applecovidscreeningtool.jpg

The senators questioned Cook about Apple's data-sharing practices and safeguards, and whether the COVID-19 app complies with the Health Insurance Portability and Accountability Act (HIPAA). They also want details on Apple's agreements with federal or state governments for the development of the app.

When announcing the app and the website, which Apple developed with the CDC, the White House Coronavirus Task Force, and FEMA, Apple said that any data users provide on the COVID-19 website or app is not shared with Apple, the CDC, or any other government agency, as specified on the COVID-19 website. What little information Apple does collect, such as how people use the site, is used for bug fixes.
Apple is not collecting your answers from the screening tool. To help improve the site, Apple collects some information about how you use it. The information collected will not personally identify you.
Apple also does not require users to sign in to use the app and the data is not associated with a user's Apple ID, nor does it ask for any personally identifiable information.
Consistent with Apple's strong dedication to user privacy, the COVID-19 app and website were built to keep all user data private and secure. The tools do not require a sign-in or association with a user's Apple ID, and users' individual responses will not be sent to Apple or any government organization.
Apple debuted the COVID-19 website and app on March 27. It serves as a screening tool where users can answer questions about symptoms, exposure risk, and more, to receive CDC recommendations on the next steps they should take, such as social distancing or obtaining a test.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: U.S. Senators Question Apple CEO Tim Cook About COVID-19 App Privacy
 
Last edited:
  • Angry
Reactions: Jxdawg and DeepIn2U
I don't understand...at least on the website the screening tool doesn't ask you to identify yourself at all. Though I expect on the phone I suppose that's something that could be gleaned.
 
The government failed to control a pandemic the last thing they should do is criticize Apple for trying to help.
Especially Congress. I mean, regardless of what you think about anyone else in government, Congress's approval rating is under 20% last I checked. It's amazing that they're even capable of doing such a bad job that they'd get a rating that low, but somehow they managed. Really, almost nobody respects them at this point, Republican or Democrat.
 
But HIPPA is all about PHI and its protection. I don't understand how the site could be in violation of HIPPA when there is no PHI involved at all?
Originally that's not at all what HIPPA was about. It's not even what's in the acronym. It's just what it was hijacked to be all about.
<\off-topic>
 
"HIPAA rules" does involve PII -- https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

@lkalliance I've used the app on my iPhone and can confirm that it doesn't ask you to identify yourself either so I'm not sure what these particular politicians are on about.
Perhaps they mean that by dint of using the app on the phone they can identify you because your phone is personally identifiable? That when you did it on the app on your phone that Apple knows that the submission is yours because your phone has your iCloud account on it? I don't have enough technical background to know if that SHOULD be a worry, but I suppose that would be a reasonable reason for the government to at least ask. *shrug*
[automerge]1585941381[/automerge]
Originally that's not at all what HIPPA was about. It's not even what's in the acronym. It's just what it was hijacked to be all about.
<\off-topic>
I won't disagree about whether it was intended as such originally, but that's de facto what it is about now. I go through HIPPA training every year, and it's all about PHI: making sure it's protected, and outlining exactly what the circumstances need to be to disclose it to another party.
 
How are symptoms of an infectious disease not health information? :rolleyes:
They are health information, but PHI references whether that information is tied to you specifically. Your doctor has a ton of information about your health specifically, not just information about everyone's health. The app doesn't ask you to identify yourself, so therefore the information you submit is not PHI, because it's not specifically connected to you. Unless somehow it IS paired with your identity by Apple by virtue of your phone being linked to your iCloud account. I suppose that might be why they are asking.
[automerge]1585941686[/automerge]
Wrong. What is illegal is to disclose that information without consent.
HIPPA also requires that the holder of the PHI take appropriate precaution to protect that information besides releasing it. If Apple is collecting PHI, they have to show that they are protecting it sufficiently from being stolen. That would fall under the heading of disclosure too, you could say.
 
  • Like
Reactions: Lazy
They are health information, but PHI references whether that information is tied to you specifically. Your doctor has a ton of information about your health specifically, not just information about everyone's health. The app doesn't ask you to identify yourself, so therefore the information you submit is not PHI, because it's not specifically connected to you. Unless somehow it IS paired with your identity by Apple by virtue of your phone being linked to your iCloud account. I suppose that might be why they are asking.
[automerge]1585941686[/automerge]

HIPPA also requires that the holder of the PHI take appropriate precaution to protect that information besides releasing it. If Apple is collecting PHI, they have to show that they are protecting it sufficiently from being stolen. That would fall under the heading of disclosure too, you could say.

First, it's HIPAA not HIPPA.

Second, what you posted makes zero sense. What Apple is collecting is, in fact, health information about an individual.

Whether Apple is collecting the identity of that individual, is a separate question, and a necessary element to determining whether it is "protected" health information. And even if it is, whether Apple is disclosing that information to third parties, and whether such disclosure was done without consent, are wholly separate elements that are required to establish a violation.

With the rampant abuses of privacy that exist in today's tech world, it isn't unreasonable to question whether a website that asks a user about their symptoms complies with HIPAA.
 
First, it's HIPAA not HIPPA.

Second, what you posted makes zero sense. What Apple is collecting is, in fact, health information about an individual.

Whether Apple is collecting the identity of that individual, is a separate question, and a necessary element to determining whether it is "protected" health information. And even if it is, whether Apple is disclosing that information to third parties, and whether such disclosure was done without consent, are wholly separate elements that are required to establish a violation.

Oops on the spelling, lol.

I think it's open to question whether Apple is collecting health information about an individual. It is collecting health information definitely, but if you're not identified, then it's not health information about you. It could be health information about any one of millions (billions?) of people: anyone who has the means to use the app or site. HIPAA does make a distinction between anonymized and non-anonymized data, I believe (my only source of expertise on this all is my annual training, not a detailed familiarity with text of the statutes).

And I think that's what the senators (or any government official involved) could be asking and should be: does Apple collect the identity of the person submitting the information? They don't ASK for it in the app or on the website, but could that identity be determined by other means, either by Apple or by a third party inserting themselves into the communication? If the answers to those are to the negative, then I don't believe the information can be termed PHI.
 
  • Like
Reactions: Websnapx2
I don't understand...at least on the website the screening tool doesn't ask you to identify yourself at all. Though I expect on the phone I suppose that's something that could be gleaned.

Senators Bob Menendez, Kamala Harris, Cory Booker and Richard Blumenthal, are opportunists in such a time questioning Apple. Are they questioning Microsoft, Hp, Dell, Slack, etc. ?!

either way I really feel tax payers dollars are better spent with otherendeavours in this time of crisis.
 
God forbid that people find out the pen they have been herded into is bound only by an invisible fence...that is why this sudden interest by government is...right on cue.
 
  • Like
Reactions: iOS Geek
Senators Bob Menendez, Kamala Harris, Cory Booker and Richard Blumenthal, are opportunists in such a time questioning Apple. Are they questioning Microsoft, Hp, Dell, Slack, etc. ?!

I think that's a reasonable opinion to have and a reasonable question to ask.

either way I really feel tax payers dollars are better spent with otherendeavours in this time of crisis.

I actually don't mind about that part. I am concerned, generally, with digital privacy, and I'm glad they are at least putting up appearances that they are too. I feel that they (the government, not just these four) are putting a lot of attention to the current situation, but there are still the regular functions of government that should be tended to. Just like I've still got to feed my dog and clean my dishes and deal with my creditors, even though there's a pandemic going on.

Unless I can get my partner to do that for me. ;)
 
  • Like
Reactions: DeepIn2U
Can we obtain tests now? I thought I could ask for them and be told no. I didn’t realize I could get my own.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.