This is actually kinda important for an internet community to talk about becuase we vomit out all sorts of protected health information in these chats. We copy/paste blood sugar records here.
You will see a million different acronymns that mean “protected health information.” They are afraid of HIPPA violations.
PPI = Patient Private Information
PII = Patient Identifiable Information
PHI = Protected Health Information
Those acronyms all mean the same thing.
They are concerned about private patient medical records being exposed via their public comment process.
Example 1: Potential for HIPAA violation
if they have a nurse provide public comment, they don’t want to have any legal liability for exposing a bunch of private health information related to patients if she provides documentation via patient records. Obviously. But no nurse is dumb enough to do that. Sometimes they de-identify data, then it’s fine. But if that nurse were to also publish the name of the hospital she works at AND identifies herself as a nurse, it could be possible to infer the identify of specific patients (their names, phones numers, etc from hospital records).
What they probably don’t know is that the nurse is legally liable for that disclosure, not DOJ. But they also probably want to stay as far away from legal liability as possible. They know that they don’t understand the law and they feel nervous. Because they are so uncertain about what a HIPPA violation means and is, they respond by infringing on MY right to make public comment to an agency prior to rulemaking. That’s silly because they have lots of lawyers and access to doctors and they should just ask someone what HIPPA mean. Any professional in the field could tell them. It’s silly to restrict someone’s right because you are so afraid of violating some law that you know nothing about. They are DEFINITLEY violating a law on the off chance that they MIGHT violate some other law that they don’t understand. Welcome to government.
There is no HIPAA happening here. Why? I have never had professional access to any hospital medical records. I never worked in a hospital. I was a volunteer EMT years ago. It was so long ago that I barley remember it. There’s no way that I could remember specific patient details from 15 years ago. My memory is ■■■■. We kept records on paper. I also DO NOT discuss ANYTHING related to patient care in any submisison anywhere OR on this website.
I am also NOT violating HIPPA when I disclose my own patient records because that is well within my rights. Once I disclose those records, no one else can be held liable for publishing that information. I have effectivley relinquished my right to privacy by choosing to publish my own medical data.
That is breaking the brains of kids who are probably very bright, but 20 years old. They work at DOJ and read these comments. They are googling things and misunderstanding the law. They have clearly figured out that I have the right to discuss my own personal medical condition publicly. Good progress. But they are still working on figuring out what HIPPA means. They are paranoid that I have filled this paper with legal landmines, which I have not.
You all mostly use an alias on this website. That is to protect your identity. But I disclose info and just don’t care. Everyone in town already knows that I am a diabetic. If I show up unconsious at the hospital, a medic will recognize me and know I am a diabetic because we have probably worked together. That happens to me all the time. The days of me hiding my medical condition are long dead.
So, that opens some opportunity for me to discuss diabetes with the government. I can use my own medical records to support the claims that I make. But I have a tendency to flip flop around when I am speaking from the perspective of a patient, provider, engineer, etc. It’s honestly probably confusing for some kid who has never worked in industry.
A HIPPA violation occurs when a medical provider is providing care to a patient (or otherwise accesses information through records at work in a professional capacity) and then discloses that information to an inividual who doesn’t require it in order to provide care. That’s the sort of violation they need to be concerned about.
EXAMPLE 2: NOT a HIPAA Violation
If I were to write to the government that, “A bunch of diabetics in a chat room told me that they don’t like Omnipod pumps,” that is NOT a HIPPA violation.
EXAMPLE 3: HIPAA Violation
If a paramedic that I am friends with told me over coffee that a specific patient of his experienced a failure with one of the recently recalled Omnipod pumps, that IS a HIPPA violation. Because they obtained that information in a professional capacity while providing care and illegally disclosed it to me. They have no reason to provide me that information because i am not currenlty working with them to provide care on an ambulance.
It has nothing to do with identity theft. It’s about protecting private medical data. Medical data is legally protected data.
Does that help?
The fact that this requires explination makes me have more empathy for employees at the DOJ. It is kinda confusing if you haven’t been trained in it all. How would they know? I kinda assume the government knows everything and has all these experts. I am constantly disapointed. 
This helps me prepare to explain it all more succinctly if I need to. It’s good practice for me. I assume that everyone knows all this, but that’s ridiculous.