Hacker News new | past | comments | ask | show | jobs | submit login
My friend helped vaccinate 16 with a Telegram bot (timdaub.github.io)
18 points by timdaub on April 18, 2021 | hide | past | favorite | 21 comments



> It’s personally identifiable information (short: “PII”), but it’s not medical data.

Huh, is that the case in Italy? In the US your name and date of birth are very much PHI


> In the US your name and date of birth are very much PHI

Your name and date of birth when held by a HIPAA covered entity (where the mere fact of them being held by such an entity is a nexus to healthcare information from which it may be possible to deduce more specific healthcare information and associate it with the individual with only public data) is PHI. That’s true of PII generally.


> It’s personally identifiable information (short: “PII”), but it’s not medical data.

Just to be clear here. This sentence is referencing the "codice fiscale" and that it is not [necessarily] medical data.

The "codice fiscale" is a code consisting of letters and numbers. It can e.g. contain the first letter of your name. An example is provided in one of the article's pictures.


Yeah, Name and DOB are covered under HIPAA as PHI.


Alberto here, I made the bot.

I'm not a lawyer but "codice fiscale" is not PHI. The Italian Data Protection Authority puts codice fiscale under PII[0] and it's not mentioned in the PHI section[1,2,3,4].

[0] https://www.garanteprivacy.it/home/diritti/cosa-intendiamo-p...

[1] https://www.garanteprivacy.it/temi/dati-sanitari

[2] https://www.garanteprivacy.it/faq/fascicolo-sanitario

[3] https://www.garanteprivacy.it/faq/referti-online

[4] https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb...

[edit: formatting]


First off, good work! It is always nice to help people deal on this (sicked and badthought) platforms.

Anyhow, you should check also if a "tessera sanitaria" is considered a PHI since it includes the "codice fiscale" (and if I recall correctly, it is used often in "fascicoli sanitari" to identify an individual).

But well, I'm not a lawyer either.


Nice. Really I was just curious, and not trying to throw a wrench in anything, thanks for taking the time to dig that up!


NP! I was actually surprised that in the US a "codice fiscale" would be considered PHI :)


I'm not aware of how things work in the US, but...

Surely if you are only handling Names and DOB you don't have to be HIPAA compliant?

I mean, if you have to be HIPAA compliant (your application is medical-adjacent and/or is handling also other bits of data besides Name and DOB), then by correlating the DOB (or name) with the rest of the data, health information could be leaked, and thus you want to protect Name+DOB with the HIPAA standards (even just the fact that a certain name uses a certain app/is inside a certain system might be sensitive).

But otherwise... almost every system under the sun is ingesting name+DOB.

(there's a case to be made that the system described in the post is a medical app... but again: different jurisdiction)


Yeah I think it only really matters if you are trying to be HIPAA compliant, like you said, because you’re also dealing with other health information about people.


*Meant to say in the United States.


Looks like each country has some kind of i depended developer that tries to fix poor official websites for vaccine appointments.

In is there is https://vaccinefinder.org/ (and probably others).

For Poland I've built something similar (but contrasting with the article I don't take any PII, I just post the available vaccination spots, so the users themselves need to book the spot with the info I provide): https://szczepienia.github.io

(sorry no English version)


Your friend helped 16 people get a vaccination rather than a different 16 people getting a vaccination. The same number of vaccinations were given out.

Cool project though


I think there's different demands in play, I would skip lunch if it meant someone who really wanted to eat got it instead.


I guess it depends if you think signing up to a telegram bot is a good signal for vaccine allocation.

In reality I assume a low-risk young adult is more likely to use a telegram bot than a tech-illiterate grandma.


Alberto here, I made the bot.

The vaccine situation in Veneto is complex. It's not "first come, first served". There are different cohorts. Right now the only people that are eligible are people over 80 and people with pre-existing health conditions.

Many of them have troubles using the official portal, and they ask their children to help them. Their children are around 50, and have to actively poll the website trying to get a spot.

I didn't build the bot for young, tech savvy people who want to get first in the line. It's exactly the opposite. By smoothing the UX it makes booking the spot for the vaccine accessible, and it removes the burden of constantly check it. It may also help in avoiding wasting doses by sending last minute notifications about new available spots.

I have few emails from people thanking me because they were frustrated by the official website, and the bot helped them to book a spot for their parents.

[edit: add whoami]


I think it’s a cool and fun project so not dissing it! :)

Just thought the title made it sound like 16 extra people had been vaccinated!


I'm glad you gave me the opportunity to clarify the accessibility part more :)


OP here, it seems my account is blocked from showing up in /news. Or Am I just not finding it? Any mods here that can help?


OK nevermind!


Nicely done.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: