Thanks, Kam On Mon, Oct 18, 2010 at 1:26 PM, <[email protected]> wrote: > My opinion, as long as there is no patient health information or other > covered by the HIPAA law, almost anything is ok > as long as you notify them in advance and make sure they agree to the > disclosure. The disclosure should not be buried > somewhere deep in the fine print like unethical companies do. > > > ----- Original Message ----- > From: "Ken Kixmoeller (ProFox)" <[email protected]> > To: "ProFox Email List" <[email protected]> > Sent: Monday, October 18, 2010 9:02 AM > Subject: [NF] Privacy issues on eCommerce site > > > Hi, all -- - - - > > I'm wondering how you have handle, or if your clients or employers > have policies regarding privacy issues, for disclosing > sorta-publicly-available names. > > Context: > > I wrote a web-based system (www.comped.smm.org) which is manages > registration and administration for a (essentially) for-profit > computer training organization. Our customers are comprised mostly of: > -- employees of business, nonprofit and government units of all sizes, and; > -- individuals, mostly "displaced workers" (i.e. unemployed folks), > whose classes are being paid for directly or indirectly by the state > government. > > Both privacy issues the last step in the registration process at which > time the student is specifying the payment method. We require a > student to create an account before he can complete registration for > classes. At this point, the student has an account and has logged in. > In other words, we know who the student is, and, if relevant, for > which organization the student works. > > Two Scenarios: > > 1. Employees: When the student wants us to "Bill my Employer" -- we > gather the name of student's supervisor. Would it be a privacy issue > to provide a list of other employees of the *same* organization who > have an association with my client? These could be folks who > previously have taken classes, been specified as a "supervisor" or > "billing contact," or be simply on our mailing list. > > 2. Displaced Workers: When the student specifies the Agency that is > paying for the class (which could be either a state government agency > or a nonprofit organization funded by the state), we also need the > name of the counselor with which the student is working. Would it be a > privacy issue to provide a list of counselors? The agencies have > provided us with the counselor names. However, it would also be > possible for the student to select other agencies and see the > counselor names. > > (In both cases, of course, the student could supply a name that is not > on the list.) > > This is a "privacy versus data-quality" conundrum. I am just wondering > if you have encountered similar issues and how you handled them. > "WAOs" welcome, too, naturally. We have always had those in abundance > on ProFox!! > > Many thanks - - - -- - - - - - - - -- -- - > > Ken > [excessive quoting removed by server]
_______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
