Activities in the field of public health. A recent case that illustrates how these new technologies can continue to fuel privacy concerns in the future is Project Nightingale. Project Nightingale is the name of the partnership between Google and Ascension Health – the second largest healthcare system in the United States – that was announced in late 2019. Through this partnership, Google has gained access to more than 50 million patient records to use the data to develop tools to improve patient care. Google has also expressed its intention to use emerging medical data (EMD) in this process, which is non-medical data that can be transformed into sensitive health information using AI. Attenuation. A covered entity shall, to the extent possible, mitigate the adverse effects it learns has been caused by the use or disclosure of protected health information by its personnel or business partners in violation of its privacy policies and procedures or the confidentiality rule.69 Personal Representatives. The confidentiality rule requires that an affected company treat a “personal representative” in the same way as the individual with respect to the use and disclosure of the individual`s protected health information, as well as the rights of the individual under the rule.84 A personal representative is a person legally authorized to make health care decisions on behalf of a person or to act on behalf of a person. deceased person or estate. The data protection rule provides for an exception if a data subject company has reasonable grounds to suspect that the personal representative is abusing or neglecting the person or that the processing of the person as a personal representative could otherwise endanger the person. PIPEDA (Personal Information Protection and Electronic Documents Act), on the other hand, regulates the collection, use and disclosure of data by the private sector in the course of commercial or for-profit activities in Canada. It refers to the protection of a customer`s information appropriately, depending on its sensitivity. In any case, this data must be protected against violations and forms of unauthorized disclosure.

Marketing is also an agreement between a registered company and another company in which the collected company discloses protected health information for direct or indirect remuneration so that the other company can communicate about its own products or services that encourage the use or purchase of those products or services. A covered business must obtain permission to use or disclose protected health information for marketing purposes, with the exception of personal marketing communications between a covered business and a natural person and for the provision of gifts at face value by a covered business. However, no approval is required to make an opinion that falls within one of the exceptions to the definition of marketing. A marketing authorisation in which the undertaking concerned receives direct or indirect remuneration from a third party must indicate this. More information on marketing can be found here. Privacy Policies and Procedures. An affected company must develop and implement written privacy policies and procedures that comply with the confidentiality rule.64 Research.