Print Page | Contact Us | Sign In | Join
AmSpa Now
Blog Home All Blogs
Search all posts for:   

 

View all (146) posts »
 

California Passes Amendement to New Law That Could Affect Your Med Spa

Posted By Administration, Friday, November 2, 2018

By Brad Adatto, JD, Partner, ByrdAdatto

Do you own or work for a med spa in California? If so, this is important news. Just two months after California passed their new sweeping consumer privacy law, the California Legislature has passed an amendment to the act that was submitted to the Governor on September 12th for signature. The original bill, the California Consumer Privacy Act of 2018 (“Privacy Act”), was signed into law on June the 28, 2018, creating the strongest protections in the nation on collecting and using consumer’s information (please see our previous article here for more details on the Privacy Act). As written, the Privacy Act would require substantial compliance efforts for businesses working with California residents. The amendment makes many changes and clarifications to the Privacy Act, and several will be beneficial to medical practices.

The most beneficial change for medical practices is the Privacy Act now does not apply to health care providers to whom the rules of HIPAA or California’s Confidentiality of Medical Information Act apply, so long as the practices maintain patient information in the same manner as they are required to maintain protected health and medical information. Protected health information and medical information covered under those laws were already exempted in the original law.

A second helpful change for medical practices is that the disclosure to consumers of their rights of deletion no longer needs to be on the website or in the privacy policies. Rather, it now only needs to be “reasonably accessible to consumers.” Previously, this would have necessitated medical practices making major updates to their websites to be compliant.

The amendment also narrows the broad definition of personal information covered by the law. Previously “personal information” included a laundry list of types of information, ranging from biometric data to employment information. Unfortunately, the laundry list still remains, but is limited only to data that is capable of being associated or linked with a particular consumer or household. This is helpful as it exempts aggregated demographic and trend data.

While the Amendment may have eased the burden of compliance for medical practices, it has not removed it. We are hopeful that most of the nuts and bolts compliance concerns will be fully addressed in the Attorney General’s forthcoming rule interpretation. Consistent with the amendment, the AG must release its rule interpretation by July 1, 2020. However, since the Privacy Act itself becomes effective January 1, 2019, medical practices will need to be mindful of how they are treating consumer information before the Privacy Act takes effect. Substantial processes and changes may still needed by medical practices to be compliant.

Brad Adatto, JD, is a partner at ByrdAdatto, a business, healthcare, and aesthetic law firm that practices across the country. He has worked with physicians, physician groups, and other medical service providers in developing ambulatory surgical centers, in-office and freestanding ancillary service facilities, and other medical joint ventures. He regularly counsels clients with respect to federal and state health care regulations that impact investments, transactions, and contract terms, including Medicare fraud and abuse, anti-trust, anti-kickback, anti-referral, and private securities laws.

Tags:  Med Spa Law 

Share |
Permalink | Comments (0)
 
Contact Us

224 N Desplaines, Ste. 600S
 Chicago, IL 60661

Phone: 312-981-0993

Fax: 888-827-8860

Mission

AmSpa provides legal, compliance, and business resources for medical spas and medical aesthetic practices.

Follow Us: