You'll want to ask Rebecca Herold, Shelby Kobes, and/or Christopher Burgess. They are experts in medical device security and privacy.

Christopher Burgess Glad to discuss Beth / Dan - ping me directly.

Dan and Chris, if appropriate, have the discussion publicly so members may benefit!

Yes please discuss openly if appropriate... I would like to know more as well.

Karen Boyd, ASQ CQA Likewise, I'm interested in learning more as well.
Not sure if this would fall under HIPPA? If the customers are just visiting the sites and not sharing any personal health information, I don't know that HIPPA would apply or create an implication?

Christopher Burgess Glad to take a swing at this ....
#1 - targeting customers -- this phrase conjures up many goblins when viewed from the compliance and regulatory prism. For the purposes of this discussion, I am *assuming* (always dangerous I know), that the you have a sales funnel implemented on your web-site which permits individual visiting to provide their contact information and you in turn - (a) add them to your mailing list (b) provide them your white paper (c) offer them product savings, etc.
#2 - normal commerce - the above scenario is normal commerce and not specific to HIPAA. Good practice would be to implement the double opt-in so that you get verification the individual wants you to have their data.
#3 -- HIPAA -- HIPAA was designed to protect the privacy of patients. If you patients are not being asked to identify themselves as having a particular malady, nor provide their personal health information, then you should be sailing on smooth seas. If you are asking for individuals to pre-qualify themselves for the various items you are selling and are soliciting their medical information, then you want to be (a) crystal clear you are asking for their personal health information and that you are prepared and able to protect it. Your statement should demonstrate compliance with HIPAA (realizing of course that compliance does not equal secure - as the many PHI data breaches have demonstrated).

Welcome alternative interpretations / implementations.

Karen Boyd, ASQ CQA Thanks for your expertise, Christopher!

(Apologies for my earlier typos - meant "HIPAA".)

Dan Schultz Thanks Chris, I appreciate your insight. No patient data is acquired, just standard online marketing such as SEM, SEO, Social Media, etc... Again, thanks for taking time to respond!

Christopher Burgess My pleasure, glad to be of assistance. Reach out any time.

I have posted a few News Items on a Company that has an Innovative device OxySure Model 615. It is an Emergency Medical device that is a stop gap for laymen to assist in critical situations until EMT's arrive. It is also the ONLY Oxygen device allowed in the live DMZ War Zones for Military use. It is FDA Cleared for OTC sales. They have other Medical devices in their array of products such as AED's, Pulse Oxymeters, Resuscitation Bags, and QuikClot a product to stop bleeding ASAP in emergencies, in addition for Military use.
I write here because I always get a Message...Admin is Monitoring my posts, and when checking I see None posted to date.

Jadore