
How do I compellingly advocate for my privacy with doctors and other healthcare professionals?

Privacy Guides Community [Unofficial] June 20, 2026

As you’ve elaborately demonstrated, there are definitely levels to getting privacy right in an organization. I could see how this could easily overwhelm someone. That being said, there are many services that help businesses be compliant with privacy laws.

Maybe every business should have an IT department, or at least an IT service they use regularly. This is probably a terrible reference, but I remember that in the legal drama Suits, they had an IT guy in the law firm.

Now that I think about it, I have a software engineer friend who works for a major newspaper and he doesn’t even live in the city where the newspaper is based. He works completely remotely.

Given the complexity that you articulated, I wonder if regular privacy audits should be mandatory for every organization big and small, the same way all restaurants have to get certified and regularly audited. At the same time, I could see many IT and legal services using this as an opportunity to make money, and hence being more motivated by profit than by offering sound security and privacy services.

mnalis:

I don’t know how lawyers (any kind) work in your country, but over here, you usually pay them per consultation, so they’re likely to take your case regardless of the chances of winning (should you continue to sue).

Yes, I get that. But at the same time I find it ridiculous that I should pay a lawyer to find out if murder is legal. I should be able to get an answer without having to sign-on. I wish the information was easily available online, but it’s not.

Many times, if you search if Gmail is compliant with a specific country’s privacy laws, you’ll get an AI answer that says no, but then you look at the AI’s source, and it’s from an American website talking about American privacy laws.

This is another reason why I don’t trust AI. For any question, many times they quote American sources, referring to American laws, when the question was specifically about another country.

mnalis:

I don’t know if it would even be legal. In jurisdictions I’m aware of, you need to become their client before they can give you legal advice; otherwise they can be disbarred.

And becoming their client usually involves giving them money.

I would hate to pay hundreds of dollars just to know if the law is on my side or not. I have a few friends who know lawyers, but those lawyers are not privacy / IT lawyers. But I’ve asked those friends to ask their lawyer friends if they know lawyers who are specialized in privacy and privacy law compliance.

In the past, I have had to deal with lawyers for other unrelated issues. And usually, we speak on the phone first and I get a lot of answers to my questions before making any decision on whether I will hire them. I’ve had this experience with 2 lawyers that I never hired, but seriously considered to, as we were in talks, and our conversations were very fruitful despite me not hiring them.

mnalis:

Yeah, I don’t think asking anonymously is going to work. I wouldn’t “ask them a question”, that sounds like a wrong approach.

Just as a reminder, I was talking about the data protection authority (DPA) here. Not lawyers. If I intend to file a case with the DPA, I could understand the need to disclose my identity. But I don’t think I should have to just for asking a simple general question. If I go into a store and ask what the price of an item is, I don’t expect to be asked for ID first or even my name.

mnalis:

You’d need to file a case with them by enumerating how exactly a doctor violated your privacy rights, and require them to take action to force the doctor into compliance. You’d need good knowledge of law (or preferably a privacy lawyer) to draft that. And you would need to reveal your identity and exact circumstances, with exact timing, copies of unencrypted email etc.

I hear you on this. But in my opinion, I should be able to file a complaint with any business or health organization even if I was never their client and they never violated my privacy.

What I mean by this is that the moment a doctor’s Gmail and WhatsApp are visible on their website and business card, that should be grounds enough for a complaint, since they are likely already breaking privacy and healthcare confidentiality laws. My doctor did not have a privacy policy section in their forms, which to my understanding is a requirement.
