Paul Luckey
Product Architect
Policy Collision Detector
Public Sector
Document Review
State privacy law vs. HIPAA
GDPR vs. US financial regulations
Document A
Section 1798.105(a): A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected.
Section 1798.100(a): A consumer shall have the right to request that a business disclose the categories and specific pieces of personal information it has collected.
Section 1798.105(d): A business shall comply with a deletion request within 45 days.
Section 1798.150: Any consumer whose nonencrypted personal information is subject to unauthorized access may institute a civil action for damages of $100-$750 per incident.
Document B
45 CFR 164.530(j): A covered entity must retain documentation of policies for 6 years from the date of its creation or the date when it last was in effect, whichever is later.
45 CFR 164.524(a): An individual has the right to access and obtain a copy of their protected health information (PHI) in a designated record set.
45 CFR 164.502(a): A covered entity may not use or disclose PHI except as permitted or required by the Privacy Rule.
45 CFR 164.528: An individual has the right to receive an accounting of disclosures of PHI made in the 6 years prior to the request.
45 CFR 164.530(i): A covered entity must mitigate any harmful effect from an improper disclosure.
Conflicts
Critical
Major
Conflict Title
Document A
Document B
Impact
Resolution