The Paubox Zoom social mixer for July 2023 featured a presentation on state and federal privacy laws, both enacted and upcoming, which will affect your healthcare business by Stephen Kaplan, CLO, CCO, and CPO for HealthPlanOne, LLC.
What's happening: Paubox Zoom social mixers allow our customers and prospects to network and learn new trends.
Why it matters: At this month's mixer, our guest speaker, Stephen discussed The Perfect Storm Incoming – an overview of state and federal privacy laws.
Stephen Kaplan has served companies in a regulatory compliance and privacy role since 2002, including acting as the Privacy Officer for multiple organizations. Mastering diverse roles in technology, policy, regulation, and risk management, he accumulated extensive experience and knowledge in a wide breadth of industries.
Steve's recent experience entailed performing Information Security Assessments and fortifying information risk management and compliance programs in a large private equity-owned organization, a global charity, and an agile company just beyond their startup phase.
In his role as CLO, CCO, and CPO for HealthPlanOne, LLC, and as a consultant, he advises on and assists with the development and implementation of the entity's data privacy policies and practices, working across business groups to drive data privacy excellence.
Our takeaways:
- State laws and bills are where the action is regarding new privacy regulations.
- At the federal level, Congress isn't doing much, regardless of party.
- California has the most thorough approach to privacy laws.
- Pro-tip: Look at the most "pain in the butt state." Focusing on compliance there will give healthcare organizations a head start in other states.
- Take time to understand which laws apply to you, and note whether exceptions or exemptions apply.
- HIPAA-covered entities often have exemptions in state privacy laws.
- Exemptions are often based on size or other thresholds like the number of state residents using your service.
- Healthcare businesses must understand which states offer a private right of action and what that means.
- The FTC is the catchall government regulator. Because their rules are so vague, they can apply them broadly. The FTC almost always wins Section 5 violation cases.
- COPAA is often aggressively enforced.
- To learn more about privacy regulations, IAPP's online resources are great and have reasonable membership rates.
The bottom line: We learned how privacy regulations are rapidly changing and the importance of being in compliance with state and federal laws.
See also: Our playbook for Zoom social mixers
See also: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
