The Consumer Online Privacy Rights Act was introduced in the Senate and while we don't know the long term impact, given how Bills are managed, we advocate for a shift from today's paradigm of control over our personal information. If this bill is made into law, companies will be compelled to testify compliance annually to the FTC.
For those not familar, GDPR in a nutshell empowers consumers the right to allow their information to be shared, or not. Companies caught sharing information without permission have already been sued under GDPR.
The idea of explicit permission being granted before sharing information isn't unique. HIPAA entities normally have release of information and a notice of privacy practices forms, aside from the Rules' guidance for sharing (e)PHI. California has a new law going into effect in 2020 that shifts more power to the consumer and other states are debating similar legislation.
Protecting patient privacy is serious business. Click the link below to read the proposed law.
Stay (HIPAA) safe,