“How is your network planning to address GDPR/CCPA?”
While our network in healthcare Point-of-Care is very sensitive to privacy and personal health information, our network currently does not display or carry any PHI to make this a relevant issue for our network.
However, we are always learning more and more about how to deal with GDPR/CCPA for when we will want to make our network more effective by knowing the demographic of whom we are serving. The few areas in which we are adding capability are:
- Legal Operations: We are putting in place consent forms and other legal documentation between us and our consumers to be able to clearly define the boundaries of where we operate when it comes to privacy.
- Tech Operations: We are continuing to add encryption to our platforms to ensure that data privacy is always taken care of. We pay special attention not only to the end of the line signage devices, but also the entire technology stack that serves our devices. As an example, something simple as the entire stack needs to be encrypted and protected in order to ensure privacy. Another area is by being mindful about privacy while implementing features to our network that add consumer value. We ensure that privacy is top of mind when defining features. We take significant prevention measures in our implementation to protect privacy.
- Organizational Operations: Privacy and protection is not a feature or function – it is a state of mind. Organizationally, we would implement privacy learning and development into our organization prior to deploying content or functions that could have GDPR/CCPA impact.
So, with this multi-pronged approach, we ensure that our network is ready for all privacy needs.