Privacy laws surround almost every transaction, especially in the context of healthcare.
So what is privacy law?
It is not one statute but a patchwork that can be divided by industry. For example:
- Communication Privacy Law (TCPA, CAN-SPAM, Do Not Call List)
- Financial Privacy Laws (FCRA)
- Health Privacy Laws (HIPAA)
- Online Privacy Laws (COPPA, CalOPPA)
How do we practice good privacy?
– by following the FTC Fair Information Practice Principles and HIPAA guidelines (I hope you have those in place).
5 core principles to avoid liability:
- Notice/awareness
- Choice/consent
- Access/participation
- Integrity/security
- Enforcement/redress
Issue spotting for privacy violations
Always consider the following:
- How does your business collect, store, and share information?
- Where is the data stored, and where is it going? (cross-border transfers, vendor to sub-processor)
- How is information collected, stored, and shared, and what is the business purpose for each? (data minimization, reasonable business purpose)
- Who has access to the information? Is there a less intrusive way to accomplish the same purpose?
A healthcare practice comes across every aspect of privacy regulation: it collects PHI and financial information, it communicates with patients by electronic and telephonic means, and it collects and stores sensitive information online. It is important to have a knowledgeable compliance officer responsible for keeping track of all the legal changes.