New York Legislation Prohibits First Responders from Selling Patient Data for Marketing Purposes
On October 7, 2019, New York Governor Andrew Cuomo signed new legislation into law – S.4119/A.230 – that prohibits first responders and ambulance service personnel from selling or disclosing patient data to third parties for marketing or fundraising purposes.
The bill was originally introduced by New York Assembly Member Edward Braunstein in 2014 following reports that ambulance and first response service personnel were selling patient data such as names, addresses, phone numbers and medical histories to third parties such as pharmaceutical firms and nursing homes for marketing and fundraising purposes. Prior to the introduction of the new law, these disclosures and the sale of patient information were permitted in New York.
“Patients have a right to privacy and their medical information should never be sold to pharmaceutical companies, insurers, nursing homes, or other businesses,” explained Braunstein.
The legislation follows the June 25, 2019 signing of the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, which overhauled state regulations for data privacy and security to better protect the private information of New York residents.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The new law applies to ambulance staff and first responders, but not to healthcare providers, health insurers, and parties acting under appropriate legal authority, such as government health inspectors and law enforcement. Patient information may be disclosed, transferred, or sold to the patient who is the subject of the information or a person authorized to make health care decisions on behalf of the patient.
Ambulance staff and first responders are only permitted to sell, disclose, transfer, exchange, or use patient data for marketing or fundraising purposes if they have obtained written consent from the patient in question prior to the sale or disclosure. The new law does not apply to de-identified patient data.
The new law applies to all individually identifying information which would allow a patient to be identified. Marketing is classed as, but not limited to, “advertising, detailing, marketing, promotion, or any activity that is intended to be or could be used to influence business volume, sales or market share or evaluate the effectiveness of marketing practices or personnel,” and applies to the sale or disclosure of patient data to for-profit, not-for-profit, and governmental entities.
“Nothing is more personal than your health records, and New Yorkers have a right to privacy when it comes to this incredibly sensitive information,” said Governor Cuomo. “This law sets clear guidelines so patient information isn’t sold or used for marketing purposes and most importantly doesn’t end up in the wrong hands.”
“Under no circumstances, when someone is in the middle of a life-threatening crisis, should they have to worry about their information being sold for any reason,” added Senator John Liu.
