Who in Healthcare Must Comply?

Healthcare organizations need to carefully assess whether data they hold falls under the scope of the California Consumer Privacy Act, says attorney Anne Kimbol, assistant general counsel of HITRUST, especially now that the regulation’s Jan. 1 compliance deadline has hit.

For-profit healthcare organizations that handle certain data of California residents may have to comply, Kimbol explains in an interview with Information Security Media Group. CCPA covers personal information other than what is defined as protected health information under HIPAA, she adds.

“If you’re a for-profit entity, do business in California, and you either make more than $25 million a year, get 50 percent or more of revenue from data sales … sell or disclose information on more than 50,000 consumers, devices or households - or are 50 percent controlled by a business that meets that definition - CCPA will apply to you,” she says. “So larger for-profit healthcare providers will have to look at this no matter where in the U.S. they are.”


Continue reading at healthcareinfosecurity.com | #compliance
