If you’re in the EU, you are probably aware of the new General Data Protection Regulation, which aims to protect the digital privacy of EU citizens. It’s a sweeping law whose main goal is to give EU citizens full control over their own personal information and its use online in commercial transactions.
Outside of the EU, you may have notice disclaimers from online service providers, asking you to confirm your privacy settings and opt back into mailing lists and all kinds of other requests that probably just made you hit the delete button. That’s because any company marketing to EU citizens (like I do) has to comply with the GDPR as well.
Most of you in private practice outside of the EU will not need to worry about the GDPR, but if you have a mailing list or online business that has or can potentially have customers in the EU, I highly recommend listening to this podcast.
Using Paperless Lactation Resources for GDPR Compliance
While my books and resources were created with HIPAA in mind, it would be very easy for you to use them to meet GDPR compliance as well. The kind of data that the GDPR protects is more restrictive than HIPAA, but if as an IBCLC you are protecting your clients’ personal data, then it is not going to be hard for you to continue to do so. Basically everything you collect in the course of scheduling and performing a consult qualifies, and using informed consent (as explained in my book IBCLC Private Practice: From Start to Strong) every step of the way will help you meet your ethical guidelines.
A key difference between HIPAA and GDPR concerns the right to erasure. EU citizens have the right to ask for their personal information to be removed from any online database. However, it’s unclear whether this would apply to healthcare clinics. In the event that a client asks you for data erasure, I recommend consulting legal counsel.
Avoid free services for client interactions
This principle is one that applies to all IBCLCs at all times and in all countries. When you use a free service, you are bartering away client privacy. As an IBCLC, your ethical obligation is to protect client privacy, and this will cost you money. Build these costs into the fees you charge and consider them essential.