 Hey there, how are you? I am great. I'm going to turn up my volume a little bit so we can hear you okay. We are recording a session on an interview with the owner of the Twitter handle, Bad Hypotakes, by way of introduction at the start of the pandemic, all the way through the insurrection in the capital and on into the vaccine rollout, nationwide healthcare privacy law, HIPAA, with two A's and one P, has gotten more famous and more misunderstood than ever. Out of this morass of politicization and polemic emerged the Twitter handle Bad Hypotakes at Bad HIPPA, notice the misspelling. This Twitter handle shines a light on the absurd, the funny, the sad and even the accurate in a must follow for anyone interested in privacy. Today I'm going to be interviewing the author of that handle and asking them some questions based on what they've seen in the past year and the future of health information privacy law in the US. So I'm just going to kick it off and get started. I think the first question we want to know is what motivated you to start tweeting about Bad Hypotakes? It all started with the epidemic of masks exemption cards that showed up on Twitter back in May of 2020 when I created the account. These were being shared all over by this fictitious freedom to breathe agency and they were talking about how HIPAA spelled incorrectly of course and the Fourth Amendment prohibit people from requiring masks and not being able to ask about why you're not wearing a mask and those sort of things and those cards referenced those laws and used official government logos to appear credible and official. This misinformation campaign really bothered me. I wanted to see if I could do something to put a stop to it in retrospect the answer is no clearly. Here we are and I'm a follower of the Bad Legal Takes account and a few others in that same Bad Takes vein on Twitter and I thought that was a pretty good format to emulate. So I started there and it just kept going and here we are 13 months later. Yeah and we're going to be at it for a while no doubt. Now when we were first arranging this I checked and you had about 15,000 followers that was a couple of months ago what are you up to today and does it surprise you that that many people are following along? I'm over 18,000 and growing as of today there's actually literally as we're recording this session there's an incident going on with one of the people that has become a favorite bad HIPAA tweeter Marjorie Taylor Greene and my mentions are absolutely exploding. I'm tremendously surprised by this. I never imagined that such a niche area of interest would attract this kind of attention. I think I tapped into a moment people found the message relevant and humorous I get a lot of gratification from knowing that I make people laugh with my content. I get some nice DMs from people thanking you for running the account which is always good. I don't do any kind of you know tweet promotion or monetization or advertising but I've had solicitations for it. It's just not my thing so it's all been purely organic growth. You definitely people definitely get more with honey than with vinegar and I think humor you know goes a long way about that and we'll get to Marjorie Taylor Greene maybe in a minute but I guess my next question is sort of looking back over the last 13 months almost 14 months now do you feel like the takes you find sort of have categories and what would those categories be? Yeah for sure I mean the lowest hanging fruit is just the simple misspelling which you know that's that's kind of boring on its own you know people spelling it with you know two p's and one a thinking that the p's stand for privacy protection most of the time which of course there's no privacy mentioned in the name of the act. Then there's you know the excuses for not wearing masks and wanting exemptions from that excuses for not talking about vaccination status that's another kind of major category and probably the largest overall in volume. Early on when contact tracing was a new thing people were learning about because probably most people had never heard of it before that was a big topic people were thinking that contact tracers were you know violating HIPAA by asking about you know how you came to contract the virus. Then there's the reporters you know talking about sports injuries or players being out for COVID or you know whether they're vaccinated or not and you know this this is all stuff that's like the players have waived their privacy in most cases you know under the the league collective bargaining agreements and other contracts so that's you know not not really violation but it keeps coming up and then there's the final category really is the celebrity and politician stuff you know this this politician saying you know X or Y is a HIPAA violation when it's not or you know the members of the public getting upset when you know their guy has some kind of you know health information outed to the public by you know reporters or people on Twitter or whatever yeah yeah exactly and then in terms of all of those categories and I'm sure there will be more hot bad takes coming in the future but like what's your top one or the favorite one you've had so far and I saw the green day one just today I was checking and so that was pretty good but what's your favorite yeah I think I don't know if I have a favorite bad take you know there there've been so so so many and I tried you know researching back through my timeline and couldn't find one that really jumped out but you know but just by volume you know the reactions by the public to the the contact tracing early on and the more recent announcements by the administration and about the door-to-door vaccination outreach that one got a lot of attention very quickly and you know I want to say something about that you know personally I'm very disappointed in the messaging on both of these topics you know the administration really stepped in it when they spoke out so vaguely about this door-to-door initiative and left room for the most disingenuous of their opponents to you know make all these these accusations that the government was keeping you know secret lists of unvaccinated people and all kind of this this nonsense yeah you know and and the whole just overall politics politicizing our response to the pandemic has has caused people their lives and and that's just it's just unforgivable yeah notes and I mean as somebody who used to explain HIPAA to the rest of my political colleagues in the government I I feel that very um at a very empathetic level because I remember my own conversations where somebody would say well doesn't it do blah blah blah I'm like no actually it doesn't do that at all and so I think a and a really important object lesson in the privacy realm for all this is that you can't explain it simply enough often enough and that's one of the great things about your handle is that it it tries to get to the nut of what what really is the health information privacy law and what it what it means and then of course we'll talk about this in a little bit where does it not apply which is a really key key part of it um so I wanted to ask you you may it makes people who read your handle laugh but you must be laughing yourself sometimes so do you have you know a favorite humorous moment with your handle or reply to uh something you posted yeah there was one you know a day ago which you know there was a good HIPAA take because there was an actual violation involved but the the comedy of it was the sort of circumstances surrounding it I'll I'll read the tweet and kind of paraphrase what what they say because there's some stuff in it that's a little you know uh adult in nature but you know oh I think I know which one you're going to talk about that one was I bet you do yeah so this is the morning on the recording uh people under 18 shouldn't be listening to this part of the recording now go ahead yeah so the the handle that tweeted it out you know goes by the name bull cut boy and they said you know one of my fans got fired from his job because he violated HIPAA when he posted a video of him performing a sexual act I'll say in a private inventory room for his only fans and exposed six patient names and addresses no words and I mean this one was just hilarious to me because you know it's talk about a bad way to get fired and you know a ridiculous way to violate HIPAA and not to mention is the person who tweeted that should they even be telling the story of somebody else's firing in such uh extraordinary circumstances like there's a whole privacy angle to that too right the person right there telling a story about somebody else they're not telling their own story yeah of course who knows if it's true or not I mean you know if it's on the internet it must be true right insert left track here right well that kind of takes me to the one that I I found one of the funniest ones here which was you several months ago you you had a whole string from a twitter author who was claiming that HIPAA derived from the Nuremberg treaty and I know quite a lot about the history of privacy laws and most people date are concerned about health information privacy to the 1970s the Belmont report or maybe farther back to justice Brandeis but I've never really heard the Nuremberg trials cited I have to say I did go down the rabbit hole of that tweeter's tweets to like kind of see what was there and whether there was any substance like did I miss something should I educate myself on something it turned out to be a complete dead end but I wonder if you ever see takes yourself that you're like hmm is there is it should I go down that rabbit hole should I check on whether that thing is true or not or mostly you avoid the bait so like any human I'm not always as thoughtful as I probably should be but there are definitely times when I will pause and review the regulation review the content that I'm looking at look for more context and try to find you find out more about who said what and why and what's behind it there are plenty of submissions I won't take on at all just due to the nature of the topic some some things are too radioactive even for an anonymous account to really want to engage with or things I just don't want to associate myself with you know a recent example you know and this isn't too bad but you know there was a another tweet I'll kind of you know paraphrase a little bit because again it's get some you know profanities in it from a a person saying they're an ER nurse had an effing cop come up to the nurses station trying to find out if a patient was getting discharged quote so we can detain the individual on the way out of the hospital I told him to get after he thought I was going to violate HIPAA and called security felt good so this was a person who you know in a you know healthcare provider capacity right HIPAA does apply but does it apply to this exact situation and I you know I had to go reread the regulation and specifically look for some cases where disclosures to law enforcement without you know patient authorization are allowed and you know it's quite possible that there that this does fall under one of those exceptions but I don't know I would be speculating because there's not an effect in the tweet to really come to a solid conclusion so that's that's one where I I couched my response a bit with you know the possibility that there's not enough information right well and there are always that I mean I have this myself I don't have 18,000 followers so I'm envious but where people really just want you to give them the entire regulatory analysis not only on Twitter but in public and for nothing and since certainly for me I'm in the business of being a lawyer I like to get paid for my expertise unless I'm doing something as fun as this in which case I'm all in on volunteering um but uh let me let me ask you about sort of some a few more serious things right now so 18,000 followers is a pretty big following in a really rarefied niche and I have a few questions about the sort of niche part of it the first one is um you know that's a pretty low big platform I know I know who follows you and it's a lot of people who can be good amplifiers of well-placed comments and ideas um do you ever want to use your platform to like sort of change the way our laws work and and if so what would you want to change? I think it would be great to find an avenue for using my you know using my powers for good as it were I think my desire for privacy and anonymity might ironically present a substantial obstacle to that I don't think Congress takes anonymous testimony from novelty Twitter accounts but in the meantime you know in my personal capacity you know I do what I can to emphasize appropriate customer privacy controls and security as the first classes and of the work that I do in in my day job as far as you know going further than that I'm not sure what you know what a good approach would be but you know maybe there is some space for collaboration with some of the other higher profile folks folks like yourself and others that that are you know on my timeline who would be able to amplify some interesting ideas you know I don't know if you wanted to segue into that one about prospect for changes in HIPAA or something else yeah I I think that'd be great um I it's definitely something for this particular audience at the biohacking village that we talked a lot about last year last year I did a presentation about how to you know what were the laws and how to influence them I think that in many ways the consumer privacy conversation is somewhat more abundant obviously the Biden administration came in with some very specific agenda items that you know have to do with COVID and getting the economy back on track and infrastructure and then of course the politics of Congress are very complicated right now with these very thin majorities sort of not really a majority in the Senate um but it's also a situation from to my mind being sort of in privacy and a digital health advocate that if we don't fix the consumer privacy side of the equation then the power of digital information to really help us improve our society will be quite a lot forestalled and so I'm a huge advocate of actually individual citizens letting their congress people know what's important to them um but what do you think I mean you're you're looking at that you're getting a lot of information from people on Twitter and there are wide a wide variety of people are people obviously they don't understand where HIPAA and so there's that but what else are you observing in the way people are interacting with you about their consumers awareness of their privacy rights whether privacy is important to them as opposed to like attending a political excuse yeah I think it's both um you know as far as awareness goes I don't I don't think that like over the last year I don't think I've observed that people are becoming any more aware of their privacy rights and laws you know even with recent articles that they've been from some of the trusted news outlets highlighting how incorrect people are about what HIPAA is really about there's so much resistance to those facts you know again just going back to like Marjorie Taylor Greene she continues to spout about HIPAA in wrong ways and she's making it worse um I don't have data to support you know the level of awareness um you know and my my viewpoint on it will be naturally biased by what I'm observing right I'm looking for the the worst and dumbest things that I can find because they're the funniest to talk about um but you know I what I really think is HIPAA for a lot of people is a stand-in for the general privacy protections that they wish they had um it it may be the only thing the only law or regulation that that they've been exposed to in the privacy space so I don't blame most normal people for not understanding it after not even reading the notice of privacy practices that they got handed at their doctor's office like that's probably how most lay people are even introduced to the concept of HIPAA so short on details they're they're they can be excused you know for not knowing yeah you know I I think I think that's a as a stand-in I think that's a really great way to frame it but uh then we have to assume that people wish they had some kind of better privacy rights what are our prospects for that and and I mean you know there's like the European method there's like the Brazilian method there's the you know state of California state of Colorado there's a lot of different ideas kicking around do you see kind of any prospects for that and and if so where do you think they should go which direction should we go I think you know thinking about some of the other laws that are out there you know GDPR you know the UK's privacy data privacy act there's all these templates right California has the cpp Colorado just passed a new one you know and all of these things can serve as templates and experiments for you know figuring out what works and what doesn't and what consumers and you know individuals need and don't care about you know and so that state by state aspect is interesting you know it's one of the benefits of federalism you know we can try things across different states and see how it goes and you know people in their own kind of unique cultures and in those states can can ask for the things they want and then it gives us the opportunity to observe and correct and continuously improve the downside of it though is you know the resultant confusion and disparity in how individuals are protected and how companies must act you know think about the this huge shift to remote work we've seen what do you do and you're an employer and you've got employees in multiple states office locations in multiple states the business is incorporated somewhere else you've got maybe even some global offices how do you possibly begin to manage the different privacy regulations in you know in a single population that has unique laws that apply to it you know or even in the consumer retail space how does somebody like amazon handle 50 different privacy regulations for 50 different states you know what if you're a customer and you have homes in different two different states and now you when you buy a thing which privacy regulation applies to it and so I would advocate that you know this is just to give a little bit of window into my my philosophy I think this is one of the rare cases where I were where I would want the federal government to take a position and for that position to be largely driven by individuals who have done like you said earlier contact your your congressperson let them know what matters to you about privacy let them know how you're not being served let them know how you've been injured by your privacy breaches and that sort of thing and then maybe we can actually get something that represents the needs of a broad cross section and doesn't create undue burdens for everybody to try to implement and understand yeah and I think that's right and I mean it's you know the whole conversation and congress is more abundant good good thing for the states that can take action but it is you know the people are mobile and so is their data and that for that reason alone we should have something that's the same everywhere I I'm supposedly an expert in this and I don't want to have to think about it as I move from state to state or buy something from through Amazon but the shipper is actually in Kentucky like I don't want to have to think about it you know and and and I can imagine what it's like for somebody who barely who knows enough about HIPAA to know that it's a thing and spells it wrong right as opposed to being a general law that applies to everyone I I don't know what will make that we'll jump start the political conversation perhaps it's something having to do with cybersecurity or the other activities that are occurring relative to our big social media platforms and so I want to turn there in some of our remaining time so you know the Biden administration has done a couple of things since coming into office one is it enacted a really what appears to be a very broad and cross cutting executive order on cybersecurity but my take on it is that it's primarily about the supply chain particularly the supply chain controlled by the government which makes a lot of sense given what executive orders do they don't regulate private conduct they tell the executive branch how to execute their duties but sometimes especially in the purchasing realm the way the executive branch executes its duty can really have a great ripple effect into the rest of society and so a question has come up that we would we really would appreciate your insights on which is you know will that executive order on cybersecurity change anything about what we experience as consumers and healthcare patients or healthcare people working in healthcare um from a privacy and security perspective I don't see that but maybe I'm missing something yeah I mean executive orders can only do so much as you pointed out right by their nature and constitutional limits on executive power their scope is limited Biden can direct his agencies undertake these efforts and figure out how they spend money and who they spend it with but this infrastructure hardening is going to take a ton of time and money whatever they don't have in the budget they'll have to run through congress and but your point about congress and it's you know more abundant nature I don't see progress happening there and with all you know what we if we do manage to spend the money I think what we'll mostly see is an enrichment of existing IT contractors federal IT contractors like general dynamics Buzelle and Hamilton Raytheon etc I see these kinds of executive orders more as a vehicle for publicity I call to action than something that actually does a whole lot yeah you know I'm not I'm not especially bothered that this order doesn't mention health or healthcare you know I think to the extent that there are federal systems that handle healthcare data you know I guess Medicare and Medicaid could be affected by this so if we've hardened the infrastructure that supports those services and those those agencies then you know the people that are using those services should experience some knock-on benefit from that but you know the other side of it the thing that scares me about executive orders like this is that whenever the government starts talking about and in the language of fear which you can definitely read that in in that executive order the fear of you know cyber attacks and all these things you can expect bad things when we pass the Patriot Act and all that domestic surveillance that came with the Patriot Act that's one example you know so I worry about a potential expansion of that kind of activity you know worth you know like an unholy alliance between the federal government and network carriers you know and trying to do things like you know go go and get get those backdoors to encryption methods that the federal government has been begging for for decades so that's that's what I see as a potential downside of this kind of order and the things that might come out of it. You know it's an interesting discussion point as a person whose data was stolen by whoever hacked OPM you know they took a whole big file I know I know exactly of mine what they took but also many many many millions of Americans you know and at the end of the day I think the the story in the Washington Post which has pretty good reporting in cybersecurity was that you know OPM outsourced something that outsourced something that outsourced it to somebody else who outsourced it to China and a backdoor got built in and so that all I always think about the supply chain and how it basically is something that comes into conflict with the government's desire to spend as little of taxpayer money as possible and it's a complicated a complicated thing good cybersecurity takes resources. Yes it certainly does and that supply chain I mean that's you know we've seen lots of supply chain attacks in the last few years and that's going to continue to grow especially when there's valuable data targets out there. Yep and and when people are you know giving giving them short shrift that's almost a whole conversation for a whole another day but I had a second thing I wanted to ask about relative to the Biden administrations or the second thing they've been doing and some of the states back to the Trump administration and the last years of the Obama administration as well but some of it is new is really kind trying to look at the the relationship of platforms large platforms dominant platforms with higher volumes of data and I'll get to a few of those in a second and that the impact of that on competition. So you know we have a new a brand new caught up the press last week executive order on competition in social media platforms really looking at or you know the Facebook's the Twitter's the Google's the Amazon's of the world but even before that we had the HHS attempt to kind of unblock health information that was really held by two or three dominant EHR systems which are from a structural standpoint analogous to a Google or a Facebook like everybody is there and that's why you go there right that's the wall garden and all that kind of stuff and so and that resulted in this you know ban on information blocking and the governmental attempts literally since 2015 to fortify the right of you and I as individuals to get and control our own health data from a holder of it. So in my mind those things are related because the more you hoard the data the harder it is for incumbents to bring new ideas to market new innovations to market and of course the harder it is for patients if their data is being hoarded to you know take the action they might want to take to find another doctor or whatever it is because it can't get their data out of the place it is and I was wondering if you had sort of any thoughts about whether really focusing on these incredibly large data oh I was gonna say one more thing and the third thing is obviously within the big social media platforms people do use those to you know to talk about their health their Facebook is chock full of you know groups where people are providing peer support for particular health conditions from HIV AIDS to domestic violence to breast cancer to veterans with PTSD it's really the whole gamut and they're all kind of trapped because there are no other networks that have that level of peer interaction you know the same number of peers as it were so people really feel stuck there as well so looking at that whole big stew of the relationship between large caches of data and the effect of that on competition both from a business innovation perspective that might benefit consumers and from the perspective of consumer empowerment do you see the same kind of issues that I see or do you have a different perspective that you know it's okay how would we go about how and if if it's not so great what should we do about it I agree completely that privacy and competition are inextricably intertwined you know just from my own experiences you might guess that I'm a fairly outspoken person I've had my share I never would have thought that right I've had my share of run-ins with Facebook's defective in my opinion content moderation system I don't mean the algorithms only I mean the people that review bad automated decisions as well and I would love nothing more than to be able to take you know take my toys and go home take my data from their platform and take it to somewhere else you know maybe miwi or some other social network upstart could build an import method so that I could download my facebook data from there and import it over there and then boom now I'm kind of you know I still have all my stuff but the problem with that is the network effect I can't convince many people to migrate off of Facebook despite all of the things that they also don't like about it it is just so powerful and the force of inertia keeping people in that one place makes it very very hard to to make that kind of a move so because that the competition is limited both naturally by that network effect and mechanically by the information service providers like Facebook there is no way to migrate your data from one to the other you can't migrate your your friend network from one you know service to another consumers don't really have a way out to your point these support groups that are on you know facebook or take your pick of whichever network it's very very difficult to to pick up and move that and there's so much value in those communities being able to support each other and do all of that work that you know it feels like there's a spot for the government to push on this somehow I'm a fan of a light touch from our government but there's gotta be some way to balance the those the property rights of service providers who've built these immense platforms and run them at incredible cost and the privacy protections and maybe portability protections for individuals you're thinking about HIPAA you know time is back to HIPAA that was originally about portability right the ability to move from one employer to another move your health data move your health coverage all that stuff and so I think there's a pretty strong parallel there for you know a personal information portability regulation that if if you are you know submitting all your information and getting stored in these these massive databases you ought to be able to have control over it and I think that's something that people could all kind of agree to I think if you talk to individuals they would agree to that but getting people to think about that and care about that enough that they would talk to their representatives about it that's a different kind of effort yeah no I think I think that's right but that's a great segue to my next question which is of course HHS and ONC and the Office for Civil Rights are working on this pretty hard with this fortification of the long-standing right under HIPAA of an individual to get a copy of their own data and of course 20 years ago that meant a photocopy from a Manila folder but it's come to mean you know the electronic data in the EHR that your doctor's office is storing on you or in fact in this case your health plan as well and you know the requirement that covered entities make that data available when you you as a person present an app to them I was actually just talking about this at work yesterday and I can tell you I will be changing doctors in January changing health systems and I plan on taking all my data with me if I can depending on how hard it is but I was wondering I know you're aware of that what are your plans are you gonna are you gonna get your data and put it you know on your files at home or pull it into your Apple health kit or whatever your own personal PHR is you're gonna take advantage of your right to whatever extent I need to you know I'll say I'm blessed with generally very good health so I have what I would say is fairly limited you know PHI hanging out out there in various databases so you know for me I don't I don't typically experience difficulty with getting that data from the doctor's offices or hospitals or whoever when I when I need it but that's also because I know about these rights and I am able to as an outspoken person be a strong advocate for myself with the health system that's not something that everybody is blessed with right you know but all that said like I think the requirement that PHI being made available electronically and transferable to a personal health app is great I think going back to the commentary about portability and competition and privacy and security you know there have to be some pretty strong controls and I think pretty significant penalties in place available for those personal health apps you know if those become pretty rich targets again for cybersecurity threat actors and so where where that data consolidates it becomes an interesting target it might it might have the opposite effect if there's an explosion of personal health apps then maybe that distribution of the data across you know dozens of of different systems and databases and applications means that there's never as much of a single big important interesting target you know that that might be an interesting effect sort of like blockchain but for real sorry I'm a cynic about blockchain but yeah you know I understand me and also it could be in in our dream world that if there's an explosion of competition in the space of people helping you as an individual manage your health data that there will be competition on privacy I mean it might be that it turns into pay for privacy but it also could be just right rising tide of privacy in in the way these apps function that's that's for sure well we're coming up to the end of our time I have one last question for you which is here we are we're making this recording for the biohacking village at DEF CON if you have one thing about HIPAA that you want your audience to take away with them today what would it be the big thing really is HIPAA is about more than just your privacy a key thing that I think everybody needs to know about it and we talked about it a little bit already is that right of access the ability for you the patient to always have the right to receive your health information is so important for you to be able to advocate for yourself you know you have to be able to see what your records say you might need to audit them and correct things that aren't accurate because not everything is perfect in the health system and you know the ability to then share that data with other providers that might not be connected with you know the insurer that you're working with or might be in it you know a specialty provider in another state and it's difficult for them to interact with your provider directly you know I have friends who I've counseled about this where they're having terrible time you know they've got complex health problems that they're trying to navigate and they're having difficulty getting their data delivered from you know like the imaging provider hasn't been able to send the imaging over to their specialist right yeah images so for me like yeah well different formats different applications different systems I mean that's all it's all hard right you go to you go to the imaging place and they add you a CD and it's like what am I going to do with this right you know imaging is so the other I was just gonna say imaging is a weird one because in fact the radiology centers are usually using storing it in the cloud and they could just give you a credential right they don't actually want to give you the CD they could give you a credential or they could give a credential to the person you want to have read the image it doesn't have to be a CD even that's like a whole another problem yeah did HIPAA scare them off from being able to do that where all of the the scary regulations and things something that made them say well no I have to do this in this like maximally secure way and a CD nobody could ever intercept that you know I don't know that's one of the myths I never got to bust but it's definitely I've looked at myself for my radiology like why don't you just give me a credential to your cloud and I'll go look at it right and then the other thing changing in that right of access is a new requirement to go to 15 days instead of 30 for the delivery of those records so that's really key too you know when when you're trying to get something you know when you have a health problem times of the essence and you know you can't be waiting on providers to send data back and forth to each other sometimes you have to take it into your own hands to acquire that data and move it to them yourself and so I think again just right of access everybody should go go visit the hhs.gov website search for HIPAA right of access read about your provider's obligations understand what they have to do and and what they're not allowed to do and and make sure that you're able to advocate for yourself in that system there's also hot tip there are actually some really great videos live action videos that are on the OCR's youtube channel and you can put the links on your phone and then you can just play them in the doctor's office for the receptionist even better I know having to have you written the check for those videos we have a lot of fun making those well we were we are kind of at time and I'm really glad to have been able to do this I want to give you a chance to ask me a question if you want I kind of live out loud and people know who I am but if there's anything I can answer for you I'd be happy to any questions that you want to put out on the table I guess what do you what do you think is going to be the the evolution of things over the next decade and in health IT you know where where are we really going to go I mean there's stuff starting to happen now with you systems are getting more interoperable and all that does that just kind of continue does that accelerate what do you what do you see happening there I mean I I've been working in this space for a long time and I definitely see that the digital technology has really enabled a convergence of economic sectors that used to operate pretty separately and they're converging at kind of at a business to business level the the thing I don't know is that back to sort of more abundant consumer privacy law I think that they will we will never really get the value of that from a an economic learning and improving our society perspective until we can make sure that consumers feel a hundred percent secure or far more secure than they feel now about how data about them is being used because the consumer mistrust will erode the ability of the digital technology to innovate it's it'll be like a little like the tide coming in and out right there's always a wave in but there's always the undertow pulling back so that's what I would really like to see solved I would really like to see a world in which consumers feel a lot more confidence both about what's happening specifically with information collected in the health information system so technically subject to HIPAA right now but also information that is some people called health adjacent information it's about your health but is being exposed about you in the rest of your life in facebook in your amazon shopping in your google search um you know in yours in your personal social media posts wherever you post your your own status your flu tracking and all that kind of stuff so that people feel that they can contribute knowledge without um actually having it harm them that's where I want to people to be more confident about contributing knowledge that they're not going to be harmed when they do that so that's why I hope that's where I hope we go that's why get up every morning I keep working at it yeah that sounds like a great future I'd love to see that yeah well this has been super fun thank you so much for being open and sharing your views with us um for the audience this is a great uh follow just keep keep the follow count up it's at bad HIPAA with two p's at bad HIPAA takes um it'll be a source of constant amusement and you might even be able to post a question so thank you so much for your time today appreciate it and enjoy the oh it was it was amazing let's stay in touch on twitter we shall all right take care