Month: November 2017

The Data Leaks You Aren’t Thinking About…But Probably Should Be

By: Jennifer de la Chevotiere

On the Expert Depos blog, we’ve discussed several legal topics surrounding compromised online privacy. At this point in the game, most people know that they need to take steps to protect their personal and financial data when they enter it online.

Whether it’s changing your passwords often or doing your research on a company before handing over your credit card number, there are concrete ways to protect yourself.

But what about your sensitive medical information?

It’s easy to think that the health professionals you interact with are acting under strict guidelines and know how to handle your information properly. And of course, there are guidelines in place: the Health Insurance Portability and Accountability Act (HIPAA) to be specific.

HIPAA was established in 1996 and mandates nationwide standards for how the healthcare industry handles personally identifiable health information. It is comprised of the Privacy Rule and the Security Rule. Together, these rules define what information is to be protected (whether it’s physical, oral, or electronic information), and how it should be stored, transferred, altered, destroyed, or shared.

The fines for violating HIPAA range from $100 to $1.5 million depending on the number of consecutive violations and the level of culpability determined after investigation. Particularly egregious cases can even result in jail time.

HIPAA complaints are relatively uncommon, though. For all medical professionals in the USA (doctors, nurses, therapists, pharmacists, etc.), from April 2003 to September 2017, there were 165,175 complaints made. Of these complaints, 36,775 led to a full investigation, with 25,441 instances of corrective actions required.

Knowing all of this can make it feel like the situation is totally under control.

But, here’s where things get a little less comfortable.

The average person isn’t going to know about HIPAA. And they aren’t going to ask about data handling policies before choosing a health care provider. I know that this had never crossed my mind until I started researching all of this. There’s a blind trust there.

So, most people aren’t going to know what to look for in order to complain in the first place! In fact, they may even be actively participating in risking their information.

I recently spoke with an individual who offers HIPAA consulting for therapy practices. He suggested that the privacy issue may be a lot more widespread than you would imagine, claiming that several practices he has worked with regularly ask for sensitive information over public networks like Facebook!

And, when you think that each corrective action that needed to be taken could affect tens to thousands of people – depending on the size of the practice – each with their most sensitive personal information on the line, every reported case begins to feel a little more sinister.

The fact is, the health industry runs on information. And when you have people who are trained in the health field, but not so much in IT, mistakes are going to get made in how that data is handled. Even providers who have policies in place may not take the time to update policies and software as they start to become obsolete. Or, they may hire contractors to work on their systems who do not know how to properly handle sensitive medical data.

The opportunities for mistakes are numerous.

MedPro compiled some of the worst cases here, as a cautionary tale to medical professionals, including some precedents set in landmark cases.

So, the next time you visit any type of medical provider, especially small practices that may not have funding for HIPAA consulting or consistent software updates, you may just want to inquire about their privacy policies…

We would love to hear what you think about the situation. Is HIPAA enough? Should there be more information available to the public about their rights to privacy? Do you know what to look for?

Let’s take this conversation to Twitter!

You can tweet us @expertdepos and/or use the hashtag #expertdepostech

The FTC V. Shady Online Marketing

By: Jennifer de la Chevotiere

How many ads do you think you’ve seen today? If you follow any popular Instagram or Twitter accounts, or sat back to watch a YouTube video at any point, the answer could be a LOT higher than you think.

Social media has revolutionized the way brands can reach their target audience. Instead of traditional ads, more and more brands are setting aside funds to compensate social media ‘influencers’ to help sell their products.

Now, having well-known personalities endorse products is nothing new, but this changing landscape is making it increasingly difficult to parse genuine interest in a new product from a compensated endorsement of it. As one writer at Tech News World put it, “Social media influencer campaigns are based on that tried-and-true formula, but the implication is that the endorsements are voluntary.”

And, while many brands are taking advantage of this ambiguity, the Federal Trade Commission (FTC) is taking action to show they will not let this exploitation stand. The crackdown on disclosure began earlier this year when popular YouTubers Trevor Martin and Thomas Cassell were exposed and charged for consistently promoting on social media a gambling website that they turned out to own: CSGOLotto. Posts would include videos or claims of them winning large pots on the website…which some accuse them of achieving by altering the software.

Further, the two men allegedly paid thousands of dollars to other online influencers to covertly promote the website. Although this incident reached a settlement, the FTC continues to send warning letters to social media influencers and marketers suspected of promoting products without disclosing brand relationships.

In addition to sending what FTC public affairs specialist Mitchell J. Katz claims are essentially cease and desist letters, the FTC has also updated their Endorsement Guidelines to make expectations crystal clear.

The new guidelines include the mandate that any “material connection” between an endorser and a company should be disclosed. According to the FTC, “a material connection could be a business or family relationship, monetary payment, or the gift of a free product.”

Despite the FTC’s show of strength, we predict that enforcing the new guidelines will be a case of legal whack-a-mole, especially since:

  1. Proving non-financial compensation could be difficult in many cases.
  2. There are thousands of influencers in the USA and even more around the world working with US brands.
  3. The big-name offenders stand to gain more from companies than they will likely lose if charged.

We would love to hear what you think about the situation. Is the FTC fighting a losing battle? Will the threat of charges stop influencers from posting ads without disclosure?

Let’s take this conversation to Twitter!

You can tweet us @expertdepos and/or use the hashtag #expertdepostech