This HIPAA cartoon involves confidentiality. There are countless cases of misdirected PHI that is emailed or faxed to the wrong people.
I recently created a new short course on HIPAA Confidentiality. You can learn more about it here.
HIPAA Training Courses
HIPAA Training Guide
HIPAA Training Requirements FAQ
HIPAA Whiteboard
HIPAA Resources
In recent years, there have been tremendous advances in artificial intelligence (AI). These rapid technological advances are raising a myriad of ethical issues, and much work remains to be done in thinking through all of these ethical issues.
I am delighted to be interviewing Kurt Long about the topic of AI. Long is the creator and CEO of FairWarning, a cloud-based security provider that provides data protection and governance for electronic health records, Salesforce, Office 365, and many other cloud applications. Long has extensive experience with AI and has thought a lot about its ethical ramifications.
Blockchain is taking the world by storm. I am delighted to have the opportunity to interview Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company.
Steve was previously at Oracle and Novell, then was President of Solera Networks before founding Anonyome. Steve speaks and writes extensively on identity management, cybersecurity, privacy, and Big Data.
I’ll be speaking at the FTC Hearings on Competition and Consumer Protection in the 21st Century on a panel about consumer data on Thursday, September 13, 2018 at 3:15 PM.
UPDATE: You can see video of my panel at that hearing here. Here’s a transcript.
My panel information is here:
The Regulation of Consumer Data
Participants:
Maureen K. Ohlhausen
Federal Trade Commission
Howard Beales
George Washington University School of Business
Daniel Solove
George Washington University Law School
David Vladeck
Georgetown University Law Center
Moderator: James Cooper
Federal Trade Commission, Bureau of Consumer Protection
More information about the day’s schedule is here.
This cartoon is about consent under the GDPR. Under the GDPR Article 6, consent is one of the six lawful bases to process personal data. Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent. The meaning of what “consent” requires is most thoroughly stated in Recital 32:
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be so focused on one particular dimension of privacy that it might overlook many other dimensions.”
Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI). In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section. Pursuant to HIPAA, 45 CFR 160.103:
Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:
(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
The privacy world has been abuzz with the passage of the California Consumer Privacy Act of 2018. In June 2018, within just a week, California passed this strict new privacy law. Some commentators have compared it to the GDPR, but it is a much more narrow law and is a far cry from the GDPR. Nevertheless, it is a significant entry in California’s considerable canon of privacy laws.
For more on California privacy laws, see this collection compiled by the California Attorney General.
We recently developed a new overview page that discusses my approach to HIPAA training. The page discusses several dimensions about our training, including:
Learn more about our 60+ HIPAA training topics for your workforce.
In the period of just a week, California passed a bold new privacy law – the California Consumer Privacy Act (CCPA) of 2018. By January 1, 2020, companies around the world will have to comply with additional regulations related to the processing of personal data of California residents.
My California Consumer Privacy Act Resources page includes information about the CCPA including articles, news, blogs and more.