
Quick 3 Links today.
Find a common thread among these three links? Challenge accepted!
CMS Health Tech Ecosystem - A Special Message
Published on 26 Jul 2025 on YouTube by the U.S. Department of Health and Human Services; h/t Josh Mandel on LinkedIn
If you care about health IT, Josh Mandel, MD is a must-follow for his ground-breaking experiments in health data flows that work better, including AI research. I was grateful for his pointer to this video from HHS’s Strategic Advisor, Amy Gleason, making a strong call to industry for, well, more innovation of a similar sort. She had me from the get-go.
What if I told you that in 2025, your health data is doing less for you than your grocery shopping app?
Watch all three minutes to learn exactly what happened when her daughter uploaded her health records to an AI assistant.
There’s a hint in the video captioning, if not the talk track, that some related announcement is coming on July 29th. We shall see.
Sam Altman warns there's no legal confidentiality when using ChatGPT as a therapist
Published on 25 Jul 2025 at TechCrunch
Okay, connecting this piece to the previous one is not actually a stretch — I’m sandbagging a little.
Sam Altman, while fighting a court order to produce customer chats, is also warning that people really ought not to talk to ChatGPT about all of their emotional struggles.
“I think we should have the same concept of privacy for your conversations with AI that we do with a therapist or whatever — and no one had to think about that even a year ago.”
Of course an AI chatbot is not a legal entity, much less a licensed one like a doctor or therapist, but if he’s suggesting there should be similar protections over such chats, I can think of quite a few things his company could be doing or investigating to provide better-than-legally-compliant privacy. After all, as the article points out, many individuals are motivated to seek out such features — at least when they’re given transparency about market alternatives.
Any health innovations will need a strong grounding in protections of every sort, such as those mooted in my Consent Is Dead paper. (Did you know that some medical professionals believe informed consent is impossible to achieve?)
Intruder releases free tool to detect broken API authorization
Published on 22 Jul 2025 at TechCrunch
Intruder Solutions has released AutoSwagger, a free open-source tool that finds your machine-readable API documentation and surfaces unsecured endpoints.
(Health of an API — get it? Not an API for health like FHIR, though this tool should probably be run on FHIR servers too.)
…the tool has already been found to be effective. During Intruder’s research and testing of AutoSwagger, the company’s security team detected exposed Salesforce Inc. records with personally identifiable information at a large multinational tech company and an exposed internal staff training application [t]hat would have allowed potential attackers to run queries against the database at a multinational soda company.
The only thing I’d push back on here is the prescription coming from the company itself.
“The lesson here is, in addition to regular API scanning after each development iteration, that you shouldn’t publicly document your APIs unless you can’t avoid it.”
I understand avoiding exposing information to hackers; this is why error messages shouldn’t be too verbose. But the principle of the API economy — not to mention Zero Trust — is that you should be able to treat any component as external. If you have endpoints, you MUST protect them, if not with a highly flexible stack like OAuth, then at least with something. The vulnerability is not “returning sensitive information”, it’s “missing authentication”.
Something is better than nothing. You heard it here first.
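To make the "missing authentication" point concrete, here is a check you can run against your own API description before publishing it. This is an added example, not code from AutoSwagger or the linked article; it assumes an OpenAPI/Swagger document already loaded as a Python dict, and the sample spec, paths and scheme names are constructed.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def unauthenticated_operations(spec):
    """Return sorted (METHOD, path, reason) for operations that declare no required auth."""
    global_security = spec.get("security")  # top-level default, may be absent
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip non-operation keys such as "parameters"
            # An operation-level "security" key overrides the global default,
            # including when it is an empty list (which removes all requirements).
            effective = op["security"] if "security" in op else global_security
            if not effective:
                reason = "no security requirement"
            elif any(req == {} for req in effective):
                # An empty requirement object is an "anonymous is fine" alternative.
                reason = "anonymous access allowed"
            else:
                continue
            findings.append((method.upper(), path, reason))
    return sorted(findings)

# Constructed sample spec (hypothetical paths and scheme names).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"oauth2": ["read"]}],
    "paths": {
        "/patients": {"get": {"summary": "inherits the global requirement"}},
        "/patients/{id}": {
            "parameters": [{"name": "id", "in": "path"}],
            "get": {"security": [{"apiKey": []}]},
        },
        "/health": {"get": {"security": []}},
        "/training/query": {"post": {"security": [{}, {"oauth2": ["read"]}]}},
    },
}

if __name__ == "__main__":
    for method, path, reason in unauthenticated_operations(SAMPLE_SPEC):
        print(f"{method} {path}: {reason}")
```

This only audits what the description declares; an endpoint that declares a requirement still needs the server to enforce it, so pair the check with an authenticated-versus-anonymous test in your own environment.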
Short and hopefully sweet this week. I hope you’re enjoying the dog days of summer if you’re in the northern hemisphere, or the “dog days of winter” if not. Drop me a note if you’ve got upcoming plans that can use Venn Factory advisory or speaking to make them irresistible. I’ve got a new webinar appearance coming up on August 15 — make sure to subscribe or follow me for details!