"In my previous blog, I revealed that Oura data is not end-to-end encrypted. That means that an Oura user's health data can be unscrambled at certain points as it travels from a person's ring, through their phone app, over the internet, and as it lands on Oura's servers."
Very strange -- it seems to be conflating end-to-end encryption with encryption-in-transit.
It also doesn't sound like it's encrypted at rest. Perhaps each in-transit is held to be a unique e2e IP exchange?
Encrypted at rest means something different. It means if you pull the hard drive out no one can decrypt it. Not that it is encrypted in the database.
guy who pays $6/month to be monitored by the f3ds
Judging by ads for cell phone service, most people pay more than that per month to be monitored by the Feds.
This is why although I don't love my Apple Watch, I'm not using anything else. It's very sensitive data and Apple is the only company worth trusting with it. They're not perfect but compared to others there's no competition.
Google's Health Connect system doesn't share this data either (without a consent prompt for third party apps, of course). This is to the point where I wish it would just support some kind of sync, because two devices hooked up to the same accounts need a third party app to transfer the health info.
Apple is subject to the same laws Oura is. The competition is too.
Apple might be pretty good now. There's no assurance they always will be.
Yeah there's no one I'd trust with my personal data except Apple. Their track record of refusing to bow down to the feds has been golden. 24 carat in fact.
In the US. Apple's policies are flexible when it comes to other nation states.
All it takes is a political sea change for E2EE to go away.
Apple already has to hand over a wealth of information when asked by the feds.
Oura doesn't even have GPS does it?
Government can already get ALL your cell tower locations without a warrant
AND read all your emails and text messages that are over 6 months old, without a warrant
In a society where women are being prosecuted for medical procedures, menstrual data becomes very risky to have handed over.
Probably this yeah. Your location data can be obtained from other devices than your own, but this medical data cannot.
I was definitely interested in some sort of comprehensive sensor bundle for my healthcare.
But every one of these devices demands some Android/Apple app, and shipping all my health data to basically non-HIPAA data brokers.
I'd be all over a local-only no-data-exfiltration health tracker. But the companies do NOT want to provide that.
I, uh, guess, "go surveillance capitalism", for more choices?
If your concern is that the government may access the data, whether it's covered by HIPAA or not is irrelevant, because HIPAA allows government access. Though yes, it would still be better than non-HIPAA in general.
HIPAA is completely irrelevant to any of this. Oura is technically HIPAA compliant because the data they process is not subject to HIPAA.
In overly simple terms, if insurance is not involved, then it’s not subject to HIPAA.
I am using Withings in combination with Tredict. Both GDPR-compliant.