As the field of connected healthcare grows exponentially, so too do the fields of privacy and data protection law. The problem is that the growth of each is independent. While connectivity can directly benefit both patients and healthcare providers, it also comes with risks. Legal non-compliance risks. Security risks. Trust risks. It is important that those in the field of connected healthcare stay informed of the ever-developing body of U.S. and state privacy and data protection law, as compliance with the huge patchwork of privacy laws is essential for avoiding fines, bad headlines, and being the subject of the next FTC or AG investigation, or the next class action lawsuit.
We will discuss some of the areas of privacy and data protection law that those in the field of connected healthcare should be paying attention to, such as HIPAA, CCPA, BIPA and other biometric laws, IoT security laws, COPPA, ECPA, and web scraping laws including but not limited to the CFAA. We will also share some advice on best practices, as it is likely that, for connected medical devices to be successful in the future, compliance alone may not be enough. As consumers become more educated on privacy and data protection, they are looking for platforms that are built on the concepts of transparency and control. Transparency promotes trust.