All of you know and follow the HIPAA regulations, but you also need to make sure you follow the Federal Trade Commission (FTC) guidelines as well. The Department of Health and Human Services (HHS) released an article explaining about the requirements.
HIPAA involves the Privacy of an individual and FTC Act prohibits companies from engaging in deceptive or unfair acts or practices in or affecting commerce. Keep in mind if you use a third party, you also need a business associate agreement in place. Anytime you share patient information outside of treatment, payment, or healthcare operations (TPO), you must have a written authorization from the patient. Organizations can not mislead patients about what is happening with their health information. The manner in which you share their information must be clear, concise, and written in plain language so they understand.
