
HIPAA/PIPEDA Regulations and Why You Need to Be Following Them

A Refresher on the HIPAA and PIPEDA

No matter what country you operate out of, the regulations that govern personal information are a big deal. As healthcare providers, you are trusted and expected to store patient data securely, and the consequences are immense if you don’t. 

HIPAA (the Health Insurance Portability and Accountability Act) is the United States law whose Privacy Rule (the Standards for Privacy of Individually Identifiable Health Information) regulates the protection of patients’ protected health information. PIPEDA (the Personal Information Protection and Electronic Documents Act) is the Canadian legislation that governs how organizations collect, use, and disclose personal information in the course of commercial activity, including the consent a practice must obtain before it uses or discloses a patient’s information.

Disclaimer

This blog is only meant to serve as a guide and does not replace or supersede the legislation it discusses. Please refer to the original laws to ensure you understand the full scope of each, and seek legal counsel if you have questions.

What’s Covered?

Keeping track of the guidelines and laws surrounding the collection of your patients’ information can get confusing and at worst, overwhelming. We’ve put together a quick overview of the legislation in North America so you can make sure that all your marketing endeavours are within the law.

PIPEDA (Canada)

PIPEDA applies to private-sector organizations that collect, use, or disclose personal information in the course of commercial activity in Canada. For federally regulated organizations (such as banks, airlines, and telecommunications companies), the act also applies to their employees’ information.

Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).

Businesses’ responsibilities under PIPEDA are outlined in the 10 fair information principles. They are:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure, and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

HIPAA (United States of America)

The HIPAA Privacy Rule is part of the Health Insurance Portability and Accountability Act, passed in 1996, and enforces privacy standards relating to individually identifiable health information. That information includes:

  • The patient’s name, address, birth date, or Social Security number
  • The patient’s past, present, or future mental or physical health condition
  • Any services or care you’ve provided to the patient in the past or are currently providing the patient
  • Any other information that one might reasonably believe could be used to identify your patient

Be Aware 

You need a patient’s written authorization before you include them in marketing campaigns, so make sure the consent is express and documented rather than merely implied.

One More Caution

While the federal legislation sets the baseline for businesses that handle personal information (including eye care practices), many provinces, territories, and states have their own legislation that deals with privacy and the use of personal information, and in some provinces that legislation applies in place of PIPEDA. Keeping up to date with your location’s legislation is pivotal in your efforts to keep your patients’ information safe while keeping them informed of the information they need. As always, if you want guidance on your marketing efforts, or just want to speak to the experts, contact us here.

Written by Trudi Charest
