The biggest challenge regarding privacy notices is that hardly anyone actually reads the notice, and notices are often a chore to read.
There is a Hobson’s choice when it comes to such notices, whether under HIPAA or otherwise. As I wrote in Privacy Self-Management and the Consent Dilemma, 126 Harvard Law Review 1880 (2013): “[M]aking [notices] simple and easy to understand conflicts with fully informing people about the consequences of giving up data, which are quite complex if explained in sufficient detail to be meaningful. People need a deeper understanding and background to make informed choices.” Sadly, there’s no easy way to win on this one.
* * * *
Please check out my new HIPAA privacy course series. I have updated more than a dozen of my HIPAA training programs and short courses with new content and a new design.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.