I assume you and your wife are not in the US. Stateside, you would need a Business Associate Agreement to send protected health information to a third party.
Not always. It is not necessary to have a BAA to look up diagnosis information using patient data, so long as the data used maintains the patient’s anonymity.
For example, a doctor googling your symptoms doesn’t require a BAA with Google.
Google's black box ad optimization stuff probably links you with the doctor via your searches for them and then links the doctor's searches about your conditions to you based on your own related searches, or do they have safeguards for this?