The following are just some random thoughts or curated information regarding the impact the COVID pandemic will have on privacy in general, and health information privacy in particular.
I have attached a link to information issued by HHS explaining that, not only are HHS and OCR specifically advising that the release of patient information regarding COVID infections is expressly being permitted as part of a nationwide public health emergency, but that in fact HIPAA always allowed that.
Bloomberg Law reports that Apple and Google are building security measures into their COVID-19 contract tracing plan to ward off cyber criminals, but also warn that government health agencies lack the resources and capabilities of these tech giants and that there can be “really sensitive data going to places that aren’t equipped for it”.
The Wall Street Journal reports that governments, especially China, South Korea and Taiwan, are using cell phone tracking technology without the permission from individuals to perform contact tracing. If you are familiar with how Bluetooth technology allows your identity and location to be tracked for purposes of GPS, advertising blasts, social communicating, etc., you can really see how this information could also be used to track the location of infected individuals, presuming the infection data (which might be available through the less than adequately protected government agencies) could be linked to the cell phone location.
Many countries, including specifically the Netherlands, are using camera cars usually associated with Google View and GPS updating to monitor compliance with stay-at-home orders, much the same way as cameras are used to issue speeding tickets and with the use of facial recognition can presumably issue quarantine tickets. Finally, cell phone tracking data could also be used to monitor compliance with quarantine or stay-at-home orders, in much the same way as ankle bracelets are used for house arrest.
Just some random thoughts.