HIPAA doesn't care about your POS TOS. It either applies or does not.
That said, it's both less broad and more toothless than I'd like. If FB convinces you to install a tracking pixel (like button) stealing your private medical data, they likely haven't violated any laws. At most you'd be able to file a claim against the person who created the leak.
Not a lawyer and all that, but for TFA I don't think HIPAA would be a valid way to try to limit your losses. It's a bit closer to what would happen if you (a doctor) uploaded patient data to Google Drive and then somehow leaked that information (one of Google's contractors disclosing it, a hack, whatever). Nothing about ESHYFT's offerings requires or would be benefited by the data HIPAA protects, and (ignoring incompetence and other factors) I'd be as surprised to see my health data leaked there as I would to see a YT video going over my last lab reports because of some hospital's actions.
They could still be liable for all sorts of other damages (and maybe somebody can convince a court of a HIPAA violation), but it's not an easy HIPAA win.
That said, it's both less broad and more toothless than I'd like. If FB convinces you to install a tracking pixel (like button) stealing your private medical data, they likely haven't violated any laws. At most you'd be able to file a claim against the person who created the leak.
Not a lawyer and all that, but for TFA I don't think HIPAA would be a valid way to try to limit your losses. It's a bit closer to what would happen if you (a doctor) uploaded patient data to Google Drive and then somehow leaked that information (one of Google's contractors disclosing it, a hack, whatever). Nothing about ESHYFT's offerings requires or would be benefited by the data HIPAA protects, and (ignoring incompetence and other factors) I'd be as surprised to see my health data leaked there as I would to see a YT video going over my last lab reports because of some hospital's actions.
They could still be liable for all sorts of other damages (and maybe somebody can convince a court of a HIPAA violation), but it's not an easy HIPAA win.