When Healthcare and Consumer Data Rules Collide: Compliance With The Latest Generation of Data Privacy Laws

By: Alexander Dworkowitz | Brandon Reilly | Randi Seigel

Manatt Health Partners Alex Dworkowitz and Randi Seigel, and Privacy and Data Security Partner Brandon Reilly, co-authored an article for COSMOS on the new health care consumer data regulations that health care providers and plans must comply with as states continue to pass their own consumer privacy and protection laws.

As health care providers and plans expand their digital footprint, they have been partnering with telemonitoring providers and digital health apps to obtain data that helps improve their offerings and the patient or member experience. As a result, personal information (PI) may now be subject to both HIPAA and the emerging generation of consumer privacy and protection laws, such as the California Consumer Privacy Act (CCPA). “Health care providers and health plans that have comfortably used, shared, and safeguarded protected health information (PHI) data under HIPAA now have to evaluate whether they are also subject to the CCPA and other state laws, given that the organizations collect PI through a multitude of methods,” the authors explained. Organizations may now have more substantial compliance responsibilities regarding health PI that is not PHI, as well as more stringent requirements related to such data. “The determination of whether a particular set of health care data should be classified as PHI is therefore all the more important,” the authors concluded.

COSMOS subscribers can read the full article here


