Mashable.com has published an interesting article on the legal implications of Augmented Reality as a marketing and advertising tool.
In the past year, AR has increasingly moved out of the “gee-whiz” phase of just being a technological marvel into becoming a legitimate and increasingly adopted tool in the marketing arsenal of a significant number of companies. (The Mashable article cites Ikea and Philips electronics as two examples, but there are many more, with new-comers jumping on board each day.)
There are, however, a number of significant legal implications that companies need to factor into their decision of whether or not AR is an appropriate tool to use and, if so, how to implement it.
These legal concerns include general privacy and data security issues, truth in advertising regulations, child protection (COPPA) issues, just to name a few.
The takeaway here is: if you are using AR in your marketing and product delivery process OR if you are thinking of adding AR to the mix, make sure that you have thought through and implemented policies and procedures that will keep you on the right side of the applicable laws and regulations that apply. Failing to do so can lead you into a ugly (and expensive) virtual dead-end.
Enforcement of HIPAA/HITECH Breach Notification Rules and related regulations is being significantly stepped up. As a consequence of the new fines and penalties associated with the HIPPA/HITECH Privacy Rule, being prepared in advance for an audits is becoming increasingly critical for covered business entities.
Enforcement of the new HIPAA Breach Notification Rule is big deal. In the past, audits had been performed only at entities against whom a compliant has been filed. Under the new rule audits are called for whether or not a complaint against the entity has been lodged. This means that the HHS can show up at a covered entity’s door and perform an audit on short notice… and woe be it to the entity which is not ready.
If a business is not ready for such audits, it can be subject to new, significantly higher fines, including a mandatory minimum of $10,000 for willful neglect of compliance. These fines can, in fact, go up to $50,000 per day. All HIPAA Covered Entities and Business Associates need to be fully in compliance and prepared for an audit at any time, or risk the penalties for non-compliance.
In some cases, multi-million dollar fines are possible. Recent enforcement actions have included a one-million dollar settlement for a breach of only192 records, as well as another one a small, two-doctor medical office, which ended up entering into a $100,000 settlement with HHS over its lack of Security Rule compliance. It appears that the days of “slap-on-the-wrist” penalties are over and much larger fines and settlements are being levied, with more on the way.
The take-away for covered entities is that, if your compliance and audit preparation with respect to HIPPA/HITECH issues is not at 100%, now is the time to get them there! Before it is too late.