While I am not an expert in the details, this seems aligned with HIPAA to me at a high level in the following sense. While HIPAA got marketed as protecting medical data (privacy), it really was intended to make medical data shareable (portability). Think of it like a Trojan horse: get this in with that. Or, a misdirection: look over here, while some other thing happens. Therefore, automatic Zoom transcripts of tele-health appointments are remarkably well-aligned with the intent of HIPAA.
Think how much more sharable and more complete digital medical records can be now. (And the breakthroughs that may come of it! Etc., etc.)
To wit, "As much as there's a law, HIPAA supposed to prevent people from revealing your medical data, supposed to be protected, which is completely false. 20% of the population works in health care. That 20% of pop can see the med data. The med data you are not aware of is being sent to insurance companies, forwarded to government health info exchanges...." - Rob Braxman Tech, "Live - Rant! Why I am able to give you this privacy information, + Q&A", https://youtube.com/watch?v=ba6wI1BHG9A
Perhaps slightly off-topic: the U.S. Department of Health and Human Services (HHS) seem to be paying particular attention to security/privacy as it relates to providers of medical services using online tracking services. In a recent open letter they mentioned Meta/Facebook and Google Analytics by name. I imagine communication services like Zoom are also on their minds.
If they generate an AI model based on your data and allow anyone else to use that model, you should assume that the user will also be able to query data about you.
So really it all hinges on if the AI is only used in-house, or if it is accessible by the general public.