HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

Smile! Privacy Policy Snapshot ~ Model Privacy Notice

June 8, 2017

In thinking about patient privacy, many folks assume that HIPAA is the first and last word on the subject.

Nothing could be farther from the truth. Protected health information under HIPAA (PHI) is also protected by a variety of other federal and state regulatory schemes. In addition, there is personal information that is not subject to HIPAA at all but is subject to other protections — PII.

What falls into the PII category? It can include a lot of different sorts of information, but keep in mind that it includes personal information that could be PHI under HIPAA if it were collected by a covered entity or business associate. This subset of PII could include steps and other data collected by a personal activity tracker (Fitbit and the like), information input or collected by health apps on a smartphone, and more. It may also include personal information less closely connected to any health care provider or payor as well, such as food diaries, personal logs of health related information, symptoms, etc. PII does not include electronic health record data, but it does include EHR data if it is downloaded by a patient into a third party repository (i.e., a PHR that is not a service of the provider’s EHR).

Last year, the FTC released a tool intended to help app developers determine what their compliance obligations may be, and ONC released an updated model privacy notice. At the time, ONC noted that it was time to update a tool originally focused on PHRs and broaden it to cover activity trackers, smartphone apps and more. (ONC had previously published a model privacy notice in 2011.)

Recognizing that many web service and app developers have not done a great job communicating privacy policies and protections to consumers, the federales mounted a challenge to encourage the development of easy to understand privacy policies and easy to configure protections. Winners of the MPN privacy notice snapshot challenge were announced this week. The top finalist posted an example of its model privacy notice and a set of configurable controls available on GitHub so that developers may download and use them in their application designs.

ONC is encouraging their use — and it’s not a bad idea.

Given the range of cybersecurity issues in the news these days, and the increasingly widespread concerns about data security, not to mention end users’ rights, it makes sense for web service and app developers to be as transparent as possible about their privacy policies. In addition, thanks to the ever-increasing globalization of commerce, US developers need to be concerned about international standards, and the compliance date for the EU’s General Data Protection Regulation (GDPR) is less than a year away. Privacy policies and other policies and procedures that are adequate for compliance with US law are not, on their own, sufficient for compliance with EU or other international laws, and the more explicit approach laid out in the model privacy notice will go some distance towards readying US businesses for the next step on this journey — GDPR compliance.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Compliance, FTC, Health care policy, Health Law, HHS, ONC, Privacy

you might also like:

  1. OCR and ONC release model NPPs

  2. Privacy and Security Guide released by ONC

  3. HIPAA Privacy and Security Compliance: Should You Care?

« Cybersecurity Reports and HIPAA Chat Webinar
Federal Health Care Cybersecurity Task Force Issues Recommendations for Industry »

Trackbacks

  1. Smile! Privacy Policy Snapshot - Model Privacy Notice - HITECH Answers: Meaningful Use, EHR, HIPAA News says:
    June 26, 2017 at 7:46 am

    […] article was originally published on HealthBlawg and is republished here with […]

Follow me on Twitter

David Harlow 💉😷 Follow 43,200 17,541

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
2h 1638640040317440001

The Harlow #Healthcare #Innovation Daily #digitalhealth #hcldr #HarlowOnHC Thanks to @DigitalSalutem #digitalhealth #healthtech

Image for twitter card

Eight steps to a successful AI implementation

information-age.com OpenText outline in Information Age the eight key implementation steps to help AI and machine lear...

paper.li

Reply on Twitter 1638640040317440001 Retweet on Twitter 1638640040317440001 0 Like on Twitter 1638640040317440001 0 Twitter 1638640040317440001
Retweet on Twitter David Harlow 💉😷 Retweeted
HCNowRadio avatar; HealthcareNOWradio @HCNowRadio ·
10h 1638517571107401733

NEXT at 8:30 am ET @healthblawg speaks with Steven Lane, PCP, informaticist and CMO @HealthGorilla, who has much to say about #healthdata, data on #SDoH, the power of data to improve healthcare and more. #HarlowOnHC #QHINs https://healthcarenowradio.airtime.pro/

Image for the Tweet beginning: NEXT at 8:30 am ET Twitter feed image.
Reply on Twitter 1638517571107401733 Retweet on Twitter 1638517571107401733 3 Like on Twitter 1638517571107401733 1 Twitter 1638517571107401733
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
5h 1638583863076167706

ICYMI> Lissy Hu, President of Connected Networks at WellSky — Harlow on Healthcare https://healthblawg.com/2023/01/lissy-hu-wellsky.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Lissy Hu, President Twitter feed image.
Reply on Twitter 1638583863076167706 Retweet on Twitter 1638583863076167706 0 Like on Twitter 1638583863076167706 0 Twitter 1638583863076167706
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]