Privacy & Security

If you are a health or wellness coach, you may wonder if you are subject to HIPAA privacy and security standards. Many coaches assume they are, but many of them would be wrong. That doesn’t mean HIPAA privacy and security standards should not play a role in your practice, but whether coaches are technically required to comply does play a role in how you address the privacy and security concerns of you and your clients. If you are like most health and wellness coaches, you will likely collect private information from your clients. This may be health information, and will certainly be…
As we have mentioned previously, there is no overarching federal data privacy law in the United States. By contrast, the European Union’s General Data Protection Regulation (GDPR) regulates data privacy, including consumer data, in all sectors. Although there is no overarching federal data privacy law in the United States, there are a few sector-specific laws. In health care, for example, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) govern many aspects of privacy. Also, the Telecommunications Act and the Controlling the Assault of Non-Solicited Pornography and Marketing…
Healthcare providers are subject to a vast array of privacy laws but, until recently, still had discretion in fulfilling requests for information. Now, new rules governing “information blocking” will curtail this discretion and impose new compliance risks in fulfilling requests for healthcare information. “Information blocking” is the prohibited practice of interfering with access, exchange, or use of electronic health information (“EHI”). This Legal Update will outline (1) who must comply with the new rules, (2) the basic requirements of the new information blocking rules, (3) the relevant exceptions to these requirements, and (4) practical considerations for health care providers seeking…
Words matter; but what you actually do matters more. When the words and actions don’t line up – trouble is brewing. This post is about Privacy Policies and why, just like other contracts, copying and pasting one from the Internet may not be the best idea. Read on for more information. Privacy Policies are notoriously copied; everyone knows it. Fortune 500 companies with an army of in-house lawyers copy them from each other, so you can imagine how many small/medium/“regular” sized companies are out there rolling with “hot” Policies…. On the one hand, I understand a little copying. As a…