Privacy laws surround almost every transaction, especially in the context of healthcare.

So what is privacy law?

It can be divided by industry. For example,

  • Communication Privacy Law (TCPA, CAN-SPAM, Do Not Call List)

  • Financial Privacy Laws (FCRA)

  • Health Privacy Laws (HIPAA)

  • Online Privacy Laws (COPPA, CalOPPA)

How do we practice good privacy?

       – by following the FTC Fair Information Privacy Principles and HIPAA guidelines (I hope you have those in place).

5 core principles to avoid liability:

  • Notice/awareness

  • Choice/consent

  • Access/participation

  • Integrity/security

  • Enforcement/redress

Issue spotting for privacy violations

Always consider the following:

  • How does your business collect, store, and share info?

  • Where is data stored, and where is it going? (cross-border transfers, vendor to sub-processor.)

  • How is information stored, shared, and collected? What is the business purpose for each? (data minimization, reasonable business purpose.)

  • Who has access to the info? Less intrusive ways?

A healthcare practice comes across every aspect of privacy regulation: it collects PHI and financial information, it communicates with patients by electronic and telephonic means, and it collects and stores sensitive information online. It is important to have a knowledgeable compliance officer responsible for keeping track of all the legal changes.