logoalt Hacker News

vel0cityyesterday at 8:45 PM2 repliesview on HN

> Secretaries are compelled by the same privacy and disclosure laws as doctors

What HIPAA-like law is there for secretaries?


Replies

munk-ayesterday at 9:08 PM

Anyone handling PII needs to be trained in HIPAA compliance and authorized in the same manner as the doctor themselves. There is no explicitly separate HIPAA like law though if your handling of the information is limited to a particular subset of the information (e.g. knowing that a patient has an appointment with a renal specialist and knowing their address information but not knowing the topic of the appointment) then there may be a relaxation of the requirements - but patients are also blabby so usually they're treated like anyone else.

When it comes to AI note-taking or other AI services that interact with PII the exact same requirements and data handling standards need to be adhered to as if the tool was an employee with proper certified training (or, in the case of a tool, review and certification) and appropriate contracts and disclosures.

I can't really provide a more specific answer because the topic is so broad and while I'm familiar with the process from one end I am not an expert on the process in general.

show 1 reply