Install App?
rxless logo

rxless.com
Install Not Now
rxless logo

Use Google Chrome to get the RxLess app

rxless logo

RxLess app successfully installed!

App installation banner

The New National Data Policy May Bridge the Gap HIPAA Does Not Cover

Updated on November 10th, 2022

Save up to 88% on your medications

Written and medically reviewed by Dorcas Morak, Pharm.D

The national data privacy proposal, American Data Privacy Protection Act (ADPPA), may bridge some of the current gaps left by the Health Insurance Portability and Accountability Act (HIPAA) if approved. The national data privacy proposal will have broader coverage that will address privacy issues that led to the current under-regulated vacuum.

Read on to know ADPPA's relevant features and possible ways to impact a wider range of businesses than the existing data privacy policies.

How is ADPPA Different from Existing Data Privacy Policies?

The ADPPA shares many elements with other contemporary data privacies but differs in many of its specifics. If ADPPA is approved into law, the differences may have a significant effect on businesses.

What are the Variations in ADPPA?

Unlike other data privacy policies, there are various variations in the definitions of the ADPPA:

  • "Covered entities," are any organization or individual that gathers, processes, or transfers data that is governed by the Federal Trade Commission Act, is a common carrier under the Communications Act, or is a non-profit. This definition covers most businesses.
  • "Covered data," is any information that identifies, links, or is reasonably linkable to an individual or a device. It also includes any information or special identifiers produced from such information, such as IP addresses, identifiers for targeted advertising, and similar things.
  • ** "Children,"** refers to everyone under the age of 17. This is essential since businesses are frequently required by data privacy rules to handle children's data in specific ways.
  • "Sensitive data," refers to a range of data types that go beyond what is protected by existing state privacy laws. Sensitive information includes race, ethnicity, genetic data, children's data, login credentials for any devices, etc.

How will ADPPA Affect existing States laws?

If ADPPA is passed into law, it will supersede all other state data privacy laws that may bind any company with a few exemptions.

How would ADPPA Affect Individuals?

A private right of action is an individual's right to sue a company for non-compliance. This provision is not in the majority of US data privacy regulations.

How would ADPPA Affect Businesses?

The impact of ADPPA on business depends on the volume of data they handle. Therefore, businesses are categories as either Large Data Holders or Small Data Holders.

Criteria for Businesses to Qualify as Large Data Holders

Businesses must meet the following criteria to qualify as large data holders:

  • Must have gross annual sales of more than $250 million, and
  • Must process the data of more than 5 million individuals, or
  • Must process the sensitive data of 200,000 individuals annually.

Under the ADPPA, large data holders like Facebook and Google would be subject to a variety of additional disclosures, certifications, and audit obligations. They would have to do yearly evaluations of the effects of their algorithms, provide access to privacy policies, and report these evaluations to the Federal Trade Commission (FTC).

Criteria for Businesses to Qualify as Small Data Holders

ADPPA defines small data holders as those that:

  • Are not data brokers.
  • Have less than $41 million in annual gross income, and
  • Process the data of fewer than 200,000 people each year, and
  • Acquire less than 51 percent of revenue from transferring personal data.

Businesses that meet this criterion are exempt from the naming a company privacy and data officer; allowed to delete rather than correct data with a correction request; not required to port user data; not mandated to impose certain data security practices noted in the bill.

ADPPA has no lower boundary, unlike other privacy regulations that exempt businesses that process the data of fewer than 100,000 people. So, almost all forms of business are included.

Do Individuals Have the Right to Opt-Out of Data Transfer?

Yes. Unlike most other data privacy laws, the ADPPA allows individuals to opt-out of having their data shared with third parties regardless of the involvement of money.

Was this article helpful?

Related Articles

Doctor Working on Laptop and Clipboard at Desk
Privacy

Making Sense of IIHI, PHI, and PII in Healthcare

July 21, 2023

Explore the intricate world of health data privacy, learning the differences between IIHI, PHI, and PII, and how HIPAA regulations impact them.

Read More - Making Sense of IIHI, PHI, and PII in Healthcare
Hands Holding Tablet Displaying Medical Record
Privacy

Electronic Health Records and Your Privacy

July 10, 2023

Explore the journey from paper to digital medical records, and how EHRs offer top security and easy access to your health info.

Read More - Electronic Health Records and Your Privacy
Doctor looking at medical form with patient
Privacy

What is PHI?

June 22, 2023

Discover how Personal Health Information (PHI) gathered by healthcare experts can impact your privacy as it helps identify and provide effective care.

Read More - What is PHI?

Saving has never been so convenient

Sildenafil

  • 20mg
  • 30 Qty
Retail: $376.30
Our Price: $26.21
Savings: $350.09
pharm

Gabapentin

  • 300mg
  • 60 Qty
Retail: $63.39
Our Price: $16.40
Savings: $46.99
pharm

Atorvastatin

  • 40mg
  • 90 Qty
Retail: $284.99
Our Price: $22.74
Savings: $262.25
pharm

Lisinopril

  • 20mg
  • 90 Qty
Retail: $43.39
Our Price: $10.19
Savings: $33.20
pharm

Tadalafil

  • 20mg
  • 30 Qty
Retail: $1,895.99
Our Price: $26.96
Savings: $1,869.03
pharm