I try and keep an eye out for industry news to tell you all about. Some regular readers will know that I often mention security and why that is so important in healthcare. Today's post definitely deals with that subject, but that's not the main reason for this post. No, instead I want to focus a bit on something about this subject in particular that all offices need to pay attention to.
It seems that Aspen Dental offers online scheduling for patients and I know lots of other offices offer that as well. The problem arose when it was learned that Aspen Dental installed some tracking info (probably cookies, although I'm not sure) and that allowed for patient information to be sent to Google, Facebook, Bing, Salesforce, and other marketing data brokers.
The lawsuit claims that in order to schedule and search for information on specific dental conditions, patients had to provide PII and PHI. By acquiring this information and then sending it on to third parties, the plaintiffs claim that Aspen Dental violated its own privacy policy as well as the laws of various states.
The lawsuit states “This disclosed private information allows third parties like Facebook and other third parties to know that a specific patient is seeking confidential medical care and the type of medical care being sought. Third parties then use this information — without patient consent — to target them with advertisements.”
So here is the lesson to be learned from this. If you offer online scheduling, be sure that any data entered is *not* being passed on to third parties. I haven't done enough research to know if this type of thing is common in online scheduling platforms, but if it is, there's a lawsuit waiting to happen. I'd hate for anyone to face a similar situation if it can be avoided. An ounce of prevention and all...
No comments:
Post a Comment