The California Consumer Privacy Act (CCPA) creates new consumer rights related to accessing, deleting and sharing of personal information that is collected by commercial businesses. Businesses are subject to the CCPA if they meet certain thresholds related to their revenue, and the amount of personal information the business buys, receives or sells.

California businesses already required to be HIPAA compliant are exempt from the CCPA, but the exemption only applies to protected health information (PHI). If there is personally identifiable information collected through other means and purposes, that information must be considered under CCPA.

Drawing on our deep knowledge of both HIPAA and the CCPA, Clearwater’s team of privacy experts can help you identify potential landmines with the new state-level regulation. Our assessment includes:

  • Review how data that is not protected by HIPAA comes into, is managed, and flows out of your organization
  • Interviews with SMEs who know what data is collected and from which sources it may originate to determine if said information is subject CCPA
  • Determination if said information is subject to CCPA is receiving protection
  • Discovery and documentation review in order to provide best perspective
  • Recommendations for policies and procedures to cover said information

For further on how the CCPA may impact your organization, review the article Compliance with the California Consumer Privacy Act: 9 Considerations for Healthcare Organizations.