Online Privacy and the Ethics of IBCLC Private Practice
In the United States, health-related digital privacy is linked with health insurance under a law called the Health Insurance Portability and Accountability Act. So the short answer is that if you are providing your clients with a superbill and/or you have an NPI (National Provider Identifier), you are a HIPAA-covered entity and must comply with all applicable laws.
In Canada, privacy is not linked to insurance but is more encompassing, but the laws vary by province. The umbrella legislation is called The Personal Information Protection and Electronic Documents Act (PIPEDA) and it seems that anyone who collects any health data must comply with all its provisions.
You may have read about the GDPR, the General Data Protection Regulation, which encompasses not only the EU but anyone doing business in EU countries. For example, I had to learn all about the GDPR because my paperless business is online-based and is therefore by default marketing to potential customers in the EU. If you're in the EU, the GDPR applies to you, but if you're outside the EU and not doing any online marketing to EU citizens, you probably don't need to worry about it.
Australian readers--I have an article on my blog that addresses how Paperless Private Practice for the IBCLC can apply to you, along with a bunch of links and resources.
But you have more than just a legal responsibility to your clients when it comes to online privacy--you have an ethical responsibility as well. There have been several high-profile cases where leaky online security has led to breaches with major implications. I believe it's important to be aware of which online companies tend to be shady about security (I'm looking at you, Facebook and Apple), and to pay attention to news stories that involve security breaches as a way of educating yourself on how privacy can be violated online.
About this series:
Ever since publishing Paperless Private Practice for the IBCLC, I’ve gotten lots of questions from current IBCLCs and those working towards certification about how to cope with common tech-related issues in private practice. My primary goal with this book and my related products and services is to dispel confusion and fear and empower IBCLCs towards confidence in their tech-related practices.
About the Author
Annie Frisbie, MA, IBCLC is the creator of the IBCLC Private Practice Essential Toolkit, a collection of books, resources, legal forms, training manuals, and workbooks aimed at helping private practice lactation consultants build a private practice that’s ethical, profitable, sustainable, and enjoyable.