CCPA, HIPAA, and What It Means To You

Have you made significant changes to your practice based on HIPAA laws? Think your data is safe enough?

Think again.

There’s a new kid in town - CCPA - the latest in laws designed to protect data.

You may have heard about CCPA - the California Consumer Privacy Act - which went into effect on January 1st. If you’re not in California, you might have ignored the details, thinking it doesn’t apply to you anyway. But that’s only half true.

CCPA was designed to provide California residents with control over their personal data. It requires all companies that

  • have more than $25 million in annual gross revenue,
  • hold a significant amount of personal data,
  • or make annual revenue from buying and selling personal information,

to be more transparent about what they are doing with that data. They have to notify consumers about why they collect data, and what they do with it once they get it. Then they have to allow consumers to opt out.

California may be the first to have this type of law enacted, but it won’t be the last. Already, states like Nevada and New York are creating their own rules. With the number of breaches occurring, and consumers becoming savvier about how their personal data is handled, it’s only a matter of time before more stringent laws come into play.

But CCPA is about consumer protection. It doesn’t impact the medical industry, right?

A recent article in MedCityNews states the problem.

Healthcare data is primarily covered under HIPAA. HIPAA focuses on protected health information - PHI - and concentrates mainly on hospitals, clinics, insurance providers, and other medical organizations that process medical data.

CCPA is a regulation aimed at for-profit businesses. It exempts data already covered by HIPAA.

But there is data that sits outside of the HIPAA law that may be of concern. As a medical practitioner, if you do business with people in California, you’ll be liable for it.

  • People within your organization who are not covered by HIPAA. This can include doctors, nurses, and other staff members who aren’t patients.
  • Organizations that handle PHI but aren’t covered by HIPAA. Pharmaceutical companies and creators of wearable technology are just two examples.
  • Healthcare companies that may not be headquartered in California, but do business there. They will have to comply with the regulation all across the US.

CCPA may not impact you now, but chances are, a new law is coming for you. How prepared are you for when that happens?

For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology: 360-450-4759.