5 Health Data Privacy Myths Debunked

Health Data Privacy
Written By Jonathan McLeod

5 Costly Health Data Privacy Myths and Misconceptions.

Understanding and adhering to privacy laws is essential when managing sensitive consumer data, but too often misconceptions influence data privacy strategies. These health data privacy myths can lead to noncompliance and missed opportunities.

Businesses need to discern the realities behind these myths if they are to use consumer data effectively, ethically and legally.

Here are five of the most common myths:

Myth 1: New Privacy Laws Prevent the Use of Sensitive Personal Information.

Some healthcare marketers think new laws make it all but impossible to use sensitive personal information from customers. This unfounded fear can lead to missed opportunities due to an overly cautious approach.

The Reality:

Despite how privacy laws challenge healthcare marketing efforts, companies can still use data. The key is obtaining consumer consent and being transparent about data collection and usage. Marketers can manage these risks by implementing a robust consent management program and providing clear consumer notices. But consent alone is inadequate.

Myth 2: Obtaining Consent is Enough for Compliance.

At the other extreme, some marketers believe obtaining consumer consent is sufficient for compliance. This dangerous oversimplification overlooks other crucial aspects of privacy laws.

The Reality:

Compliance goes far beyond merely getting consent. Marketers must ensure consumers fully understand which data is being collected, how it’s used and with whom it will be shared.

Thoroughly informing consumers is also a crucial consideration when using third-party data. Be certain your partners validate — at the point of collection — that consumers are informed about data use.

Companies should review their own consumer notices as well as those of third-party data sources that they may use. They must:

  • Disclose the types of personal information they collect

  • Explain how they use this data and who they share it with

  • Allow consumers to access and/or correct their personal information, request its deletion and opt out of data collection completely

Myth 3: All State Privacy Laws are the Same.

Many marketers assume that privacy laws are static and consistent across every state.

The Reality:

While there are common elements, state consumer privacy laws can vary significantly.

Healthcare marketers must understand these differences to ensure compliance. Many companies choose to abide by the most stringent laws to ensure compliance, even if it results in missed opportunities. But even that isn’t enough because these laws change frequently.

For a deeper dive, download Throtle’s latest white paper, Beyond HIPAA: Health Data Privacy Laws Challenge Healthcare Marketing Efforts. The article provides further insight into state privacy laws.

Myth 4: First-Party Data Is Always Compliant.

Many marketers operate under the assumption that first-party data, which is data collected directly from customers, doesn’t require any changes in collection or usage processes. They think that because the data comes directly from the customer, it’s automatically compliant with privacy laws. This common misconception can land marketers in legal jeopardy.

The Reality:

First-party data is not exempt from privacy laws; consumers still have rights concerning that data. The consumer consent notice must articulate what data companies collect, how they use it and where they share it.

If a company’s use cases change after originally obtaining consent, they must provide consumers with updated privacy notices detailing what has changed. They’ll also need to obtain consent to these changes.

Here’s an example: A company initially obtained consent to collect a customer’s email address for newsletters. If that company later decides to use that email for targeted advertising, it must obtain additional consent. Without this updated consent, the company’s use of the email address for advertising would violate most privacy laws.

Myth 5: Data Privacy Laws Apply Only to Large Companies.

The Federal Trade Commission (FTC) is the government agency that enforces consumer privacy laws. Some healthcare marketers, particularly in smaller organizations, mistakenly believe that privacy laws apply to large companies only. This dangerous misread could put smaller organizations in legal jeopardy with the FTC.

The Reality:

The California Consumer Privacy Act (CCPA) and other state consumer privacy laws have thresholds to trigger entity responsibilities. These limits could be the amount of annual revenue or the number of consumers included in the company’s data.

However, all companies, regardless of size, should pay attention to the FTC’s consumer privacy-related enforcement actions over the last few years.

The FTC enforces consumer-protection laws under the FTC Act. It has charged companies with violating laws “that prevent fraud, deception and unfair business practices.” The FTC has acted against organizations that have:

  • Violated consumers’ privacy rights

  • ailed to maintain security for sensitive consumer information

  • Caused “substantial consumer injury”

Misconceptions Can Be Costly.

By understanding the realities behind these myths, marketers can more confidently use sensitive consumer data, unlocking new opportunities while maintaining consumer trust. However, clinging to these misconceptions can lead to missed marketing opportunities and expose organizations to the risk of enforcement actions and lawsuits.

Adapt to Change.

The solution isn’t to avoid using consumer data altogether. Instead, healthcare marketers should adapt their strategies to comply with new and emerging privacy laws.

These laws continually evolve to keep pace with technological advancements and societal expectations. To keep up, marketers must stay informed and agile. Setting up systems and processes once isn’t enough; ongoing monitoring and adjustments are necessary for continued compliance.

To help marketing organizations understand what they must do to remain compliant, Throtle created a free, comprehensive 12-point privacy checklist.

Seek Guidance From Experts.

Marketers need partners that understand the nuances of privacy laws and regulations. These partnerships can provide the necessary guidance and expertise to ensure compliance and enable success in this new era of healthcare marketing.

Understanding privacy laws is about more than adhering to legal requirements. It’s also about reshaping marketing strategies to accommodate health data within new constraints.

Throtle can help you do this. Throtle has decades of experience working with evolving privacy regulations; we prioritize privacy and compliance in healthcare and pharma. Throtle maintains the highest industry standard for anonymization, and we support the latest privacy technologies.

Don’t fall for these myths. Focus on reality. Contact Throtle to see how we lead privacy and compliance in the healthcare identity space.

References:

https://www.ftc.gov/reports/federal-trade-commission-2023-privacy-data-security-update

https://www.ftc.gov/enforcement

https://www.ftc.gov/news-events/topics/protecting-consumer-privacy-security/privacy-security-enforcement

Jonathan McLeod
Previous

Health Care Cybersecurity Improvement Act: Relevance for Pharma and Identity 
Next

Embracing Healthcare’s Future: How CTV Advertising Shines in a Cookieless World