Told you I broke DOJ

i was redacted
https://www.regulations.gov/comment/ATR-2026-0001-0100

As a Diabetic, I was SILENCED!!! :rofl: :rofl: :rofl:
Of course I was. I was wondering how all this would play out.
There’s defintley no HIPAA violations in my comment. They aren’t legally responsible for HIPAA violations anyway, I am. They might not understand that. Or, they may have just forgotten to post it and made a boo boo. I’ll write to them.

I wish I had the clip of that doctor from the ADA conference in New Orleans holding his hands in the air and saying, “I am being censored,” with outrage. I would post it. Too funny.

UPDATE: They fixed it. Here’s the link to public comment on the docket: Regulations.gov
It’s comment #103 on docket # Document (ATR-2026-0001-0001)

Copy and paste this into the browser “Regulations.gov

I need a concrete evaluation of where they believe a HIPAA violation might be precieved of taking place. I assure you that there are none. But, if you are a government official and you don’t know anything and are trying to interpret laws that you know nothing about, where might you imagine a potential violation that is severe enough to prevent the only submission from someone in the patient community from being included?

A messy link to the complete public comment is here:

You have to scroll down to the table of contents portion of this post. That’s where it begins. It’s comment #21 in the post.

That whole ADA debacle was outrageous!!

I couldn’t work out what they had done, or rather what you think they did. So far as I could see the whole of your comment (excellent presentation BTW) is available but I didn’t go through it in detail.

The blurb you posted looks like a boilerplate disclaimer that they put on every comment they publish. If they acted on it for a given comment there would be redacted parts in the downloadable comment (I didn’t see any in yours) but the unredacted version is still available for anyone who turns up and reads it in person.

It was. I don’t think it was a significant event, but tell me your impression.

It read like a social media stunt to me. But that wasn’t the fault of anyone associated with the event, that was social medias fault. Social media is just annoying.

When I first heard about it, it was because I fell asleep with the BBC on. I don’t sleep great with the radio on, but if something interesting comes on the radio, I’ll wake up. So sometimes, if I’m busy and I haven’t heard the news for a long time, and I want to, I just leave the radio on overnight.

I heard over the BBC that there were some arrests at the American Diabetes Association conference in New Orleans. Broadcaster didn’t sound alarmed. No one was hurt. So, I smiled, thought, “Those crazy diabetics. What are they up to now?” and went happily back to sleep.

But then I saw the early, uncut video clips and I laughed outloud because it was doctor and he was behaving irrationally and he was clearly so outraged. I think of the doctors as nerds. I tell them that they are a bunch of wussy nerds who ought to stand up for themselves. I tell them that the insurers are bullying them and stealing their lunch money. I tell them to ‘grow a pair,’ and I post this video and mock them. https://www.youtube.com/watch?v=SevU7E9pcZI They were so nerdy in the clips that watched them over and over and laughed until I cried. Some of them were quite old and quite small and there were these New Orleans cops (who has gotta be one of the most “bad ass,” police force in the country, outside of NY) who had no idea why they were summonded. The call probably came in as, “There are people soliciting and being disruptive in the lobby.” Who knows.

Then, all the things ensued as you might expect in a regular bar fight.

There’s the regular, practical friend who walks over to perform some conflict resolution (tak you down, talk the authorities down).

One person is always outraged and clearly the antogonist (the trouble starter). That was the gentleman who threw his arms into the air like he was being arrested and yelled, “Im being censored!” He was escorted out by a police officer half his size. That’s the one I suspect was the Minnesotan because he was big. We are just kinda big people up here - farming stock.

But most of all, my attention turned to the tiny, white, glasses wearing, on the verge of elderly nerd doctor who was holding a giant stack of academic papers. It cost him a fortune to print those out. But, hey, he’s a doctor. He can afford it. I’ve had people try to take a pile of paperwork that I’m holding away from me before, so I was super interested in how he would react.

When I read the paper, it struck me as very political and possibly politically damaging to diabetic advocacy in favor of a handful of doctors getting some money for research. Both sides over reacted. I don’t think anyone intended that. But the title of the paper struck me as naive and kinda ‘know it all.’ The docs give off that impression a lot. It’s sincerley them. It’s the doctors. I could see someone getting mad about that paper. It’s politically inflamatory. That’s a terrible move.

You get that they didn’t post my orginial comment, right?
That is actually what I think the problem is.
They think they posted it, but they didn’t.

They ONLY posted the 3 appendices. My public comment was not posted. That’s the entire thing. It doesn’t make any sense to post appendices without the paper that references them.

Does that make sense?

It’s confusing because one of the appendices IS actually a submission to a previous docket. They may have gotten confused. I just thought i would include it so they don’t need to go looking for it. I reference it. I’m trying to make things as easy as possible for them. Maybe I made it more confusing.

THIS is the public comment. It is to BOTH the FTC and the DOJ. They did a joint request for public comment.

There are 3 appendices - A, B, and C. Those were posted publicly.

Appendix A is a previous submission to DOJ, exclusivley, from May of last year. FTC was not on that docket.

I only just worked that out. It’s a typical beaurocratic mistake; the copy editor was meant to post the redacted version followed or preceded by the boilerplate but, probably because of the unusability of the web, ended up posting just the boilerplate. There is PII in your comment, your grandmother (picture, date of birth, date of death, name). It’s PII even though it is almost certainly available on the web because the P is not a historical figure.

There may be a few others.

I suggest you rewrite it to remove the obvious PII and also remove any references that are irrelevant to your arguments or involve third parties that might be identifiable. Then talk to a responsible party and suggest you can submit a corrected version with less PII.

I scanned comment #21 to reach these conclusions.

That is NOT PPI or PII.

But this can also be a problem because the government might not KNOW what PPI is.

A public handout from a memorial service is NOT PII, even if it does contain a name and a birthdate. Facebook asks for your name and your birthdate. A FB page is NOT PII. It is just a public display of your name and birthdate. That is totally legal to publish.

Why is it not PII?
Because not only is this information not coming from a medical record, it is not patient data in any context. I am discussing her role as a service member and as my grandmother. That’s all legal. I am not violating HIPAA.

If I were in uniform and on the scene, providing medical treatment to my grandmother at her house, picking her up in an ambulance, and someone handed me that document as a mechanism for me to record that her name/birthdate accuratley or quickly (if we are in a rush to transport her to the hospital), then it WOULD be PII. That’s not how I came upon the information. I came upon it because I attended her memorial service and because I am her grandaughter. Those are very different situations.

You know what would be cool, John?
If my paper forced government employees to actually go speak with some professionals so that they know personally protected health information is. I’d be fine with that. But they CAN’T make an accusation that I am violating a law or medical ethic if I am not. If they are going to do that, in order to break the law themselves, they better know what PII is and bring a good legal argument. It’s not good enough to say, “We don’t know what personally protected health information is.” Ask someone.

Where will I find their argument? In what they redacted. But there is NO redacted document posted. I wrote to them.

1 Like

Me either or what exactly PII isI susppect that P is person I maybe identity. I did google searches of both and got NADA.

1 Like

Try goggling, “PII Federal Government Definition”; “Personally Identifiable Information”, which of course is nonsensical. Sufficient information to identify an individual, perhaps given additional information readily available online; the whole thing is a chimera defined, so far as I can determine, in 2019 at least here:

So far as federal employees are concerned I believe it amounts to enough to pin-point an individual. However that could mean anything; I take very great care to the best of my ability (I am often thwarted) to make sure any and everyone can identify me. Well, maybe except on Reddit when I’m in a bad mood.

This is nothing to do with health information; the definition, such as it exists, is government wide. The justification is some idea of “cybersecurity” and the idea that “cyber criminals” can work out who we are from what we say online and blackmail us; the modern practice of doxing.

2 Likes

PII or P2 is “personally identifiable information.” Stuff that, if someone owned or knew about you, could compromise you and result in potential identity theft.

I can’t comment on the actual paper as I never read it. The whole reason the doctors were upset was because the paper that they were distributing at the conference had already been published (by ADA) so the reason for organizers not allowing them to distribute the materials just didn’t make sense. Organizers said materials could not be handed out as they had not been previously vetted. But since the paper was already published, clearly it had been vetted.

I believe someone from HHS was supposed to speak at the conference but they canceled at the last minute. I don’t know if the cancellation had anything to do with what was going on in the conference.

I am not on social media so I didn’t see and can’t comment on public reactions. I just read the article in the NYT. And it bothered me. Having attended professional conferences my entire professional life, I just couldn’t imagine this kind of thing happening at all,

2 Likes

This is actually kinda important for an internet community to talk about becuase we vomit out all sorts of protected health information in these chats. We copy/paste blood sugar records here.

You will see a million different acronymns that mean “protected health information.” They are afraid of HIPPA violations.

PPI = Patient Private Information
PII = Patient Identifiable Information
PHI = Protected Health Information

Those acronyms all mean the same thing.

They are concerned about private patient medical records being exposed via their public comment process.

Example 1: Potential for HIPAA violation
if they have a nurse provide public comment, they don’t want to have any legal liability for exposing a bunch of private health information related to patients if she provides documentation via patient records. Obviously. But no nurse is dumb enough to do that. Sometimes they de-identify data, then it’s fine. But if that nurse were to also publish the name of the hospital she works at AND identifies herself as a nurse, it could be possible to infer the identify of specific patients (their names, phones numers, etc from hospital records).

What they probably don’t know is that the nurse is legally liable for that disclosure, not DOJ. But they also probably want to stay as far away from legal liability as possible. They know that they don’t understand the law and they feel nervous. Because they are so uncertain about what a HIPPA violation means and is, they respond by infringing on MY right to make public comment to an agency prior to rulemaking. That’s silly because they have lots of lawyers and access to doctors and they should just ask someone what HIPPA mean. Any professional in the field could tell them. It’s silly to restrict someone’s right because you are so afraid of violating some law that you know nothing about. They are DEFINITLEY violating a law on the off chance that they MIGHT violate some other law that they don’t understand. Welcome to government.

There is no HIPAA happening here. Why? I have never had professional access to any hospital medical records. I never worked in a hospital. I was a volunteer EMT years ago. It was so long ago that I barley remember it. There’s no way that I could remember specific patient details from 15 years ago. My memory is ■■■■. We kept records on paper. I also DO NOT discuss ANYTHING related to patient care in any submisison anywhere OR on this website.

I am also NOT violating HIPPA when I disclose my own patient records because that is well within my rights. Once I disclose those records, no one else can be held liable for publishing that information. I have effectivley relinquished my right to privacy by choosing to publish my own medical data.

That is breaking the brains of kids who are probably very bright, but 20 years old. They work at DOJ and read these comments. They are googling things and misunderstanding the law. They have clearly figured out that I have the right to discuss my own personal medical condition publicly. Good progress. But they are still working on figuring out what HIPPA means. They are paranoid that I have filled this paper with legal landmines, which I have not.

You all mostly use an alias on this website. That is to protect your identity. But I disclose info and just don’t care. Everyone in town already knows that I am a diabetic. If I show up unconsious at the hospital, a medic will recognize me and know I am a diabetic because we have probably worked together. That happens to me all the time. The days of me hiding my medical condition are long dead.

So, that opens some opportunity for me to discuss diabetes with the government. I can use my own medical records to support the claims that I make. But I have a tendency to flip flop around when I am speaking from the perspective of a patient, provider, engineer, etc. It’s honestly probably confusing for some kid who has never worked in industry.

A HIPPA violation occurs when a medical provider is providing care to a patient (or otherwise accesses information through records at work in a professional capacity) and then discloses that information to an inividual who doesn’t require it in order to provide care. That’s the sort of violation they need to be concerned about.

EXAMPLE 2: NOT a HIPAA Violation
If I were to write to the government that, “A bunch of diabetics in a chat room told me that they don’t like Omnipod pumps,” that is NOT a HIPPA violation.

EXAMPLE 3: HIPAA Violation
If a paramedic that I am friends with told me over coffee that a specific patient of his experienced a failure with one of the recently recalled Omnipod pumps, that IS a HIPPA violation. Because they obtained that information in a professional capacity while providing care and illegally disclosed it to me. They have no reason to provide me that information because i am not currenlty working with them to provide care on an ambulance.

It has nothing to do with identity theft. It’s about protecting private medical data. Medical data is legally protected data.

Does that help?

The fact that this requires explination makes me have more empathy for employees at the DOJ. It is kinda confusing if you haven’t been trained in it all. How would they know? I kinda assume the government knows everything and has all these experts. I am constantly disapointed. :sweat_smile:

This helps me prepare to explain it all more succinctly if I need to. It’s good practice for me. I assume that everyone knows all this, but that’s ridiculous.

1 Like

@funk, that is very helpful perspective on it all. I din’t know it was all so complicated as that. That’s interesting.

1 Like

It’s the first example in the paper that is breaking their brains.
I didn’t anticipate this.

But, to be fair to them, there are not a lot of people like us.

Most people who are talking to patients, do so in a professional capacity.

People on this forum, as an example, talk to patients everyday in a non professional capacity.

That’s where this info is coming from - casual conversation with hundreds of diabetics, and my own experience. But the way that I communicate with the government is using the voice of a provider. That causes them to incorrectly assume that I am gathering this information as a provider and illegally disclosing it in a public forum. But, really, I am just trying to give them an example of how medicine works and how the protocols break down when there’s financial incentive for that to happen.

That’s what they said? I read the example carefully because it did seem it might have the potential of revealing PII but I concluded that there was no identifying information. I guess since elsewhere you give a story that suggests that you are an EMT your “Nurse” example above might kick in, but I find that far-fetched.

If that is their reason for removing the whole comment their action seems at odds with their actual boilerplate statement, emphasis added:

[I]t is DOJ’s policy to redact third-party PII from a comment[.]

I.e. redact the part of the comment that contains PII, perhaps the whole example but certainly nothing more. It would be preferable to leave the conclusions and the intro; the first two and the last two paragraphs of the example. These clearly have absolutely no PII.

It is true that “redaction” does not seem to be well taught in the US. It is a part of US legal training but I suspect it may be optional, it doesn’t seem to be taught in general so most likely the your redactor was not trained in redaction. Even in the case of DoJ redaction it’s clear that it is not a well practiced technique.

That’s what they said?

No, they didn’t say anything. One staffer got back to me and said she didn’t know anything, which is a lie. That staffer is brilliant and knows everything. She specializes in healthcare.

I had a big conversation about if this is a HIPAA related concern with someone today. They thought so.

But now I’m kinda with you guys, that it might mean PII = Personally Identifiable Information, in the computer security sense. But if that’s what they meant, then why are the exposing more and more PII themselves over time?

Definition of PII from computer security standpoint = https://media.defense.gov/2025/Jul/24/2003760255/-1/-1/0/AEPOS25-22.PDF

I, as an individual citizen, who doesn’t work for DOJ, am not subject to any PII rules. I don’t understand what the hang up is.


See, I left my name OFF the paper because they usualy don’t title comments on a docket that way, they just have a number. (I’m comment #100, btw, which is really exciting). I was making a mild effort to conceal my identity. Mild.

It’s a huge improvment when you scroll through the docket. I like the changes. But they reveal the PII much more explicitly. A public comment to the government is, by its nature, public. Your name is gonna be associated with it, unless you chose to submit anonymously, which is an option.

I think I just broke the lawyers brains.

I saw the warning, “Please do not submit any PII,” and I laughed and I hit submit.
I gave them way more than 35 pages of PII.

Or, perhaps my paper is so brilliant and well documented that someone is hoarding it for their campaign. That’s what I like to imagine.

1 Like

@jbowler, @funk @ClaudnDaye @CarlosLuis

They unredacted any redactions and sent this nice email…
:tropical_drink: :tada: :people_with_bunny_ears:
Ms. Mortensen:

Based on a preliminary review, it appeared that one of the attachments you submitted as part of your comment on the Antitrust Division’s Collaborations Guidelines RFI Notice (ATR-2026-0001) – FTC_AND_DOJ_V4 – contained third-party personal identifying information (PII), which is why it wasn’t posted to www.regulations.gov.

However, upon further review in response to your email below, DOJ agrees that attachment contains no third-party PII requiring redaction.

Unfortunately, limitations of the eRulemaking system don’t allow a previously redacted attachment to be added back into a comment that has been posted.

Accordingly, I’ve created a new comment – ATR-2026-0001-0103 – which contains all four of the attachments which you originally submitted. I’ve also withdrawn the original comment but included in the rulemaking docket a reference to the new, un-redacted comment. (Please see the attached screenshots.)

Thanks.
I redacted his PII (his name) :sweat_smile:

5 Likes