The Federal Trade Commission and the U.S. Department of Health and Human Services Office for Civil Rights explain why complying with HIPAA isn’t the only rule organizations need to comply with if they are collecting and sharing health information. The two departments recommend companies study the FTC Act to ensure they do not engage in deceptive or unfair practices, and to prevent organizations from misleading patients about what happens with their health information. “You need to do more than just meet the requirements for a HIPAA-compliant authorization. Your business must consider all of your statements to consumers to make sure that, taken together, they don’t create a deceptive or misleading impression,” the report said. “Even if you believe your authorization meets all the elements required by the HIPAA Privacy Rule, if the information surrounding the authorization is deceptive or misleading, that’s a violation of the FTC Act.”
If you want to comment on this post, you need to login.